Skip to content
Compliance & Risk

Privacy by Design: How is the COVID-19 pandemic impacting companies’ privacy and security programs?

Leslie Stevens  Director & Global Privacy Counsel / Edwards Lifesciences.

· 5 minute read

Leslie Stevens  Director & Global Privacy Counsel / Edwards Lifesciences.

· 5 minute read

The pandemic has brought changes to almost every aspect of how corporations operate, but the impact on privacy and security programs may be most profound.

In April 2020, Microsoft CEO Satya Nadella said the company had seen two years’ worth of digital transformation in two months.

It’s not surprising—the world has seen an unparalleled shift to digital interactions across personal and business platforms, from strong adoption of virtual fitness platforms to new ways of engaging with doctors and government agencies, and the now commonplace use of online collaboration platforms such as Microsoft Teams and Zoom. At the same time, the events of the last year has further eroded individuals’ trust in our institutions and private sector organizations, both because of the real-world damage the pandemic has wrought, and in the digital realm, the chaos caused by data breaches that have become as ubiquitous as the online platforms we continue to use in spite of our mistrust.

So, what message does your organization’s digital presence and virtual interactions with stakeholders send? Does the digital experience convey trust, leading stakeholders to believe you are a responsible steward of their data? What does trust mean in the digital environment, and how does it relate to privacy and security?

If data is the new lifeblood of organizations, then it is critical you ensure the security of your stakeholders’ data, remain transparent in how and why you use their data, and respect their privacy preferences. By adopting these few fundamental privacy and security principles, your organization can enhance stakeholder experience, brand loyalty, and advocacy.

Prior to March 2020, many organizations were focusing their privacy and security programs on ensuring compliance with the European Union’s General Data Protection Regulation (GDPR), while ramping up their approach to emerging regulations such as California’s Consumer Privacy Act and Brazil’s Lei Geral de Proteção de Dados (the General Personal Data Protection Law). When the COVID-19 pandemic hit, organizations’ priorities necessarily shifted, leaving many privacy professionals to wonder if data privacy would take a backseat to more pressing concerns.

Now, a year into the pandemic, many of those privacy and security professionals would likely respond that client demand for their guidance and expertise has only increased as we all continue to operate in this increasingly virtual world.

Digital acceleration during the pandemic

Wherever an organization was in their digital transformation journey prior to the pandemic, those efforts accelerated at an unplanned and often uncomfortable speed in the last year.

In pivoting to almost entirely remote workforces, and finding new ways to continue engaging with stakeholders, organizations became more reliant on digital technologies — some familiar and some new. Adoption of new technologies (quickly) presents privacy and security issues, requiring cross-functional diligence and agility to address them amid the current conditions. Now, more than ever, an organization’s digital presence will play a critical role in maintaining stakeholder engagement and trust in your products and services as well as the teams that deliver them.


Although the continued emergence of global privacy laws already elevated privacy and information security to board room topics, the pandemic further underscores the need for robust and dynamic approaches to operationalize privacy in a way that enhances stakeholder relationships and client experiences with your organization. Your privacy and security teams can play a critical role in how your organization presents itself as a trusted and responsible data steward to your stakeholders, ensuring that your adoption of new technologies does not sacrifice data security, transparency, or your respect for their preferences.

Privacy and security by design

Embedding the key principles of privacy and information security into how your organization operates—keeping data secure, being transparent about your digital practices, and respecting preferences—is imperative to succeeding now and in the future.

The accelerated pivot to digital technology precipitated by the pandemic has provided access to an unprecedented amount of data for organizations. With the fundamental role privacy and security teams play in performing due diligence on new technologies, as well as their implementation, organizations should seize this opportunity to move the conversation beyond the tick the box mentality that regards privacy and security solely as a means to compliance.

Equally, individuals are more aware of this fact and what it means for their privacy. Whether your stakeholders are individual consumers, corporate customers, or the public, how you treat their data, and (perhaps more importantly) their perception of how you treat their data, will impact whether they choose to engage with you now and in the future.

It’s important to remember that, in the minds of many of your clients, compliance with applicable privacy law is simply the ground floor. The next level and real benefit to your organization can only come from understanding how a robust privacy and security program can be leveraged to enhance your relationships with stakeholders, whether those are customers, employees, or the public.

In the next articles in this series, we will explore how corporations, the public sector, academia, and legal and accountancy firms can use robust privacy and security practices to enhance their interactions with their stakeholders and, ultimately, engender trust in their organization.

In a multi-part series, Privacy by Design, author Leslie Stevens looks at privacy and data security issues at corporations, government entities, law firms, and tax & accounting firms.

More insights