Pandemic increases risk of personal data leaks
Personal data is at risk as patients increasingly access services from health professionals through applications and remote means of communication as a result of the COVID-19 pandemic, and which could involve the collection, storage and use of such data, according to an advisory from law firm Garrigues in Mexico.
Personal data connected to a person’s present or future health condition is considered by data protection regulations as “sensitive” personal data, and if misused could cause discrimination or serious risk. and such data requires special protection, according to a note from the law firm, penned by partner Gabriela Pérez Sierra (pictured).
In addition, the processing of such data requires the express consent of the patient for its processing.
The subjects of personal data have the right to know the purposes for which their information is collected and its use, Pérez writes.
Before the controller of personal data can obtain or use it, the controller must have a privacy notice and make it available to the data subjects.
In addition to the foregoing, in accordance with Article 52 of the regulations of the Federal Law on Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares), in order to process personal data in services, applications and infrastructure in the so-called cloud computing, to which a controller adheres to general terms and conditions, such controller may only use those services in which the provider complies with a series of minimum requirements and mechanisms.
