The CIO Strategy Council is putting the call out to its stakeholders to provide input on its latest proposed standard for the responsible use of contact tracing and monitoring data in the workplace.
In a recent post on LinkedIn, the council noted the drafted proposal is in response to “an urgent need to maintain the health of employee as COVID-19 restrictions loosen and businesses reopen.”
The proposed standard applies to the governance of current and future use of data that is created, collected, stored or controlled by contact tracing and monitoring solutions. It also applies to the management processes and decisions related to data security and privacy within and between organizations.
The standard doesn’t cover the use of contact tracing, monitoring and surveillance solutions applied to public health.
In case you missed it:
Ontario to create Data Authority to securely house provincial information [Full story]
“While this Specification was developed to mitigate the spread of an infectious disease in the workplace, the requirements and principles may be applied for other uses,” the council says on its website.
- Collected personal data is sufficient to properly fulfil the intended purpose.
- Only relevant data with a direct link to the purpose is collected.
- The collection is limited to only what is necessary, no unnecessary data is collected and data is held only as long as necessary for the purpose.
The First Edition of CIOSC/PAS 100-6:2021, Data Governance – Part 6: The responsible use of digital contact tracing and monitoring data in the workplace, can be accessed here.
The deadline for comments is May 19.