ArticlesC2 Spring 2022GDPR Is Your Covid-19 Vaccination Status Private Anymore? by Sid Dutta March 27, 2022 written by Sid Dutta The world has been dealing with the COVID-19 pandemic for two years now, and its effects have impacted us widely. Economics, health, relationships—almost every aspect of our lives has changed. We have seen lockdowns, business closures, hospitalizations and deaths, mask mandates, work-from-home, and—most anticipated, at least for most people—the stunningly rapid development of the vaccines that have provided some relief. There have also been many instances of resistance and protests against mandates to wear masks in public places. Anti-vaccine ideologies long predate COVID, so unsurprisingly, we have also seen campaigns against taking coronavirus vaccines. In many democracies, defined rights mean people have freedom to choose what is best for them, and can thus decline to get vaccinated because of sincerely held religious beliefs, or because of health reasons such as pregnancy or a disability. Without getting into or attempting to trigger any sort of discussion on that divisive topic, I want to draw attention to something a derivative issue making headlines: vaccination status disclosure. As of January 2022, about 60% of the world’s population has been vaccinated. While that represents a huge number of people—over 4.7 billion—it is insufficient to provide the desired “herd immunity”, especially with variants like Omicron evolving. As the corporate world looks toward reopening, many companies want to prioritize the health and well-being of their employees, and are thus encouraging vaccination; however, such steps are not always well received. For example, while most major Wall Street firms and other corporations have told some unvaccinated employees to work from home, allowing only vaccinated employees to enter office premises, none has yet gone as far as sacking staff. But CNN has reported that Citigroup staff in the United States who were not vaccinated against Covid-19 by January 14, 2022 would be placed on unpaid leave, and then fired at the end of the month unless granted an exemption. These decisions are coming as the industry grapples with how to bring workers back to offices safely and get back to business as usual at a time when the highly infectious Omicron coronavirus variant is spreading like wildfire. On the other side, companies like Cisco require COVID-19 shots for all U.S. staff—even remote workers. Unvaccinated employees must take unpaid leave, during which they may be fired or their jobs eliminated, says The Register. Cisco representatives have explained that the policy is prompted by President Biden’s executive order “ensuring adequate COVID safety protocols for federal contractors.” It requires suppliers to the U.S. government, such as Cisco, to ensure staff are vaccinated against COVID-19. While various court challenges could alter or reverse this directive, many businesses have embraced it as an opportunity to implement their own mandate on the grounds that their customers include the U.S. government. A handful of other major U.S. companies have introduced “no-jab, no-job” policies, including Google and United Airlines, with varying degrees of stringency. We are all aware and have witnessed how vaccination reports are mandatory to board a plane, entering a restaurant, check into a hotel, or enter a stadium to watch an event. Those requirements have stirred the pot; but when extended to affecting employability, we can expect even more pushback. Even when vaccination is not an employability criterion, some companies have vaccine mandates for employees who work in an office location. Remote or virtual employees are typically exempted, although vaccination is still required if they travel for business, attend conferences, or meet customers or coworkers face-to-face. It is clear that vaccination status is increasingly becoming a data element that must be shared, verified, scrutinized, processed, and updated on a recurring basis, and stored broadly and beyond the perimeters and realms of Protected Health Information (PHI). Per the U.S. Department of Health & Human Services, HIPAA does not prohibit or prevent: businesses or individuals from asking whether customers or clients have received COVID-19 vaccines customers or clients from disclosing whether they have received COVID-19 vaccines employers from requiring their workforce to disclose whether they have received COVID-19 vaccines—whether to the employer, clients, or other parties covered entities or business associates from requiring workforce members to disclose to their employers or other parties whether they have received COVID-19 vaccines Vaccination status is not a protected category under federal or most state anti-discrimination laws. However, Montana recently became the first state to ban workplace discrimination based on immunization status, and some other states are considering legislation that would do the same. GovDocs reports that Montana’s law means employers may not discriminate against, refuse to employ, or bar an individual from employment based on whether the individual has been vaccinated or holds an immunity passport. Specifically, it prohibits employers from requiring employees to receive “any vaccine whose use is allowed under an emergency use authorization” “Vaccination status” is defined under their law as “an indication of whether a person has received one or more doses of a vaccine.” It is unclear how the full approval—removing the “emergency use authorization” status—of both the Moderna and Pfizer vaccines will affect the Montana law. If these moves turn into federal or state laws—if vaccination status, and its proof, becomes a pre-requisite for someone to get hired or retain their employment—then not only will it become challenging for someone to hold on to ideologies against vaccination, but employers will also face discrimination lawsuits from such employees. PHI (protected health information) is any health information that can be tied to an individual. This is only important for organizations in industries covered by HIPAA privacy and security rules. HIPAA (The Health Insurance Portability and Accountability Act) requires covered entities to implement safeguards to ensure the confidentiality, integrity, and availability of protected health information. PII (personally identifiable information) is any data that could potentially identify a specific individual—regardless of whether it is used for healthcare purposes. Privacy laws and regulations that deal with personal information typically do not distinguish PHI from PII, but will most likely have to start to do so if businesses are going to use vaccination status of an individual as a pre-requisite for getting or retaining employment. Obtaining consent from the data subjects—one of the rights of the data subjects under various privacy regulations—to collect their vaccination status, and subsequently how it’s stored, protected, processed shared, etc., will most likely no longer be a necessary for employers. Until the dust settles around legislation around soliciting, collecting, assessing, and making business decisions involving individuals, employees, customers, associates, et al, vaccination status stands out as an outlier in the human resources policy matrix of privacy, discrimination, health and well-being. So, is vaccine status a new crown jewel of sensitive information (whether in the PHI or PII bucket) that cannot be concealed, given that it will be involved in so many aspects of our lives? This remains to be seen! Thoughts, viewpoints, and opinions are welcomed. March 27, 2022 0 comment 0 FacebookTwitterPinterestEmail
ArticlesC2 Spring 2022CloudDevOpsHPE GreenLake Infrastructure-as-code on HPE GreenLake using Terraform by Didier Lalli March 27, 2022 by Didier Lalli March 27, 2022 Setting up a API Client access Next, you need to create a new API Client access dedicated to Terraform. You can do this from the HPE GreenLake console under your settings icon, identity & Access, and then the API Clients tab. Create a new API Client (hpedev-hackshack-terraform in the … 0 FacebookTwitterPinterestEmail
ArticlesC2 Spring 2022Security Customer Success Story: Seamless and Secure Work From Home Solution at AMOCO Federal Credit Union by Alexandria Boecker March 27, 2022 by Alexandria Boecker March 27, 2022 “Mobius is a trusted partner. To me that’s the most important part is the trust. I know they’re going to get the job done. I know they’re not going oversell me on anything. It’s been a great partnership. 0 FacebookTwitterPinterestEmail
ArticlesC2 Spring 2022HPE Ezmeral Bidtellect reports 4 data management and analytics benefits using HPE Ezmeral by Hewlett Packard Enterprise March 27, 2022 by Hewlett Packard Enterprise March 27, 2022 –Fast and easy migration to HPE’s data fabric saves money and improves performance, functionality, and security– As is true for many companies that started their big data strategy on Hadoop and have been using it for years, Bidtellect was unexpectedly presented with a high renewal bill for support from … 0 FacebookTwitterPinterestEmail
ArticlesC2 Spring 2022GDPR Why We Comply with Data Privacy Laws and Standards by Thomas Gloerfeld March 27, 2022 by Thomas Gloerfeld March 27, 2022 The answer is really simple, right? Governments pass laws that mandate certain rules be followed and infuse a punitive measure for those people or organizations not in compliance with the regulation in question. 0 FacebookTwitterPinterestEmail
ArticlesC2 Spring 2022Storage HPE Enterprise Storage, Encryption, Compliance, and Key Management by Manish Upasani March 27, 2022 by Manish Upasani March 27, 2022 Hewlett Packard Enterprise is known for its enterprise solutions in the storage ecosystem to effectively store customer data and provide all the mechanisms to protect the data it stores. There are too many attack vectors that can lead to a successful compromise, if not protected against. One of the … 0 FacebookTwitterPinterestEmail
ArticlesC2 Spring 2022Digital Transformation NuWave Customer Success Story – How RedLink is using LightWave Solutions to integrate and modernize by Gustavo Martinez March 27, 2022 by Gustavo Martinez March 27, 2022 Red Link is the biggest transactional switch in Argentina, processing transactions from ATMs and digital wallets. Red Link is owned by a group of public and private banks that service most of Argentina’s population. 0 FacebookTwitterPinterestEmail
ArticlesArtificial IntelligenceC2 Spring 2022 AI Adoption in the Enterprise by Frederic Van Haren March 27, 2022 by Frederic Van Haren March 27, 2022 Not all enterprises have reached the same Artificial Intelligence (AI) maturity level. The group consisting of large enterprises are the early adopters of the technology. 0 FacebookTwitterPinterestEmail
ArticlesC2 Spring 2022Security Biggest Lie in the World (and Kevin’s Famous Chili Recipe) by Beth Ziesenis March 27, 2022 by Beth Ziesenis March 27, 2022 He spilled the whole batch in the lobby, and no one got a bite. But that doesn’t mean his famous recipe is gone forever. A clever TikTok-er revealed that Peacock TV’s terms and conditions includes Kevin’s chili recipe buried in the tiny print as a reward for the very, … 0 FacebookTwitterPinterestEmail
ArticlesC2 Spring 2022 Managing Complexity in a World Upside Down by Gaye Clemson March 27, 2022 by Gaye Clemson March 27, 2022 In my role as an orchestrator helping cross-functional team leaders enable transformational change, it’s been interesting to reflect on how often the topic of complexity comes up. And yet, when I ask ‘Tell me how you are defining complexity? 1 FacebookTwitterPinterestEmail