Guidance for COVID-19 Privacy Regulations
Around the world, government entities and healthcare organizations are working to keep track of not only who has COVID-19 but also who has come in contact with those who have the virus. This is necessary in order to slow the spread. This means collecting personally identifying information (PII) and following any applicable privacy regulations. Below is a list of countries and the privacy regulations that are applicable when gathering PII for the purpose of tracking COVID-19.
Last updated December 9th, 2020
The information provided on this web page does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this page is for general informational purposes only. This website contains links to other third-party websites. Such links are only for the convenience of the reader, user or browser; Iron Mountain does not recommend or endorse the contents of the third-party sites. Readers of this website should contact their attorney to obtain advice with respect to any particular legal matter. All liability with respect to actions taken or not taken based on the contents of this site are hereby expressly disclaimed.
The COVID-19 pandemic is challenging how organisations operate and manage information. Many have begun conducting health screenings of employees, customers, and visitors to identify potential cases of COVID-19 and track who has come into contact with those who have the virus.
It is important for organisations to manage the risk of collecting, processing, and disclosing personal data – and especially personal health data. Regulators and Data Privacy Authorities (DPAs) are continuously adding and updating guidance for handling personal data during the COVID-19 pandemic. To help you monitor evolving requirements, we have provided a comprehensive overview of worldwide regulatory and DPA guidance. Click on the arrow to the right of each country for information and guidance.