Mon, Jun 22, 2020

Jason Smolanoff Featured in CSO Online Discussing Data Collection and Preservation During COVID-19

As organizations begin to consider reopening in the wake of COVID-19, many companies are tracking which employees are healthy, and which have been infected with the disease. In doing so, companies obtain and collect sensitive personal data that requires proper protection. Chief information security officers and data protection officers are challenged with the task of deciding what data to collect and how to protect it. Jason Smolanoff, Senior Managing Director and global leader of the Cyber Risk practice at Kroll, a division of Duff & Phelps, spoke with CSO Online regarding the collection of sensitive, health-related data and best practices for storing it.

Jason highlights the importance of collecting only the minimal, necessary data an employee or team needs to successfully accomplish their functions within an organization. When storing the data, Jason states its best to “avoid moving a lot of existing data into a new data structure, but rather have a value that can be used to link the COVID data to your existing HR or medical department systems.” It is important for companies to be transparent regarding the how long they will hold employee health data and are encouraged to have a decommissioning plan in place at the end of the process. The longer an organization holds sensitive data, the more at risk they are of having it stolen or misused. 

The full article is available here for CSO subscribers.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Data Protection Officer (DPO) Consultancy Services

Kroll's data privacy team provide DPO consultancy services to help you become and stay compliant with regulatory mandates.

Virtual CISO (vCISO) Advisory Services

Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.

Third Party Cyber Audits and Reviews

Ensure that your third parties are handling sensitive data according to regulatory guidelines and industry standards with our cyber audits and reviews.