For organizations who collect personally identifiable information, effectively preventing data breaches will require an understanding of how they...
Secure Collection of Vaccination Data Using Request Portals
Globally, businesses of all sizes are requiring proof of vaccination while complying with the different privacy legislation requirements by region and country. FileInvite helps organizations securely collect vaccination data using request portals. It's easy - your organization creates an account, uploads the contact details of who needs to receive the request, creates a message for the recipients with the required details and what needs to be provided — and that’s it.
The good news on the COVID-19 pandemic front is that COVID-19 vaccination rates are up as vaccines have become more widely available around the world. Showing proof of vaccination has been part of the reopening efforts as many employers, universities, airlines, and retail establishments are relaxing public health restrictions with increased requirements. As people are returning to in-person work, schools, restaurants, travel, gyms, or the opera, a person’s vaccination status is becoming increasingly important for entry.
Managing Vaccination Data
Many countries are turning to the implementation of digital health certificates, or vaccine passports, “to ensure short- and long-term data protections, especially as more private companies are either collecting or requiring vaccination data,” according to the Brookings Institution. Increasingly, businesses of all sizes are requiring proof of vaccination while complying with the different privacy legislation requirements by region and country. In the United States, under federal mandate, the U.S. Department of Labor has required businesses with 100+ employees to ensure employees are vaccinated or tested weekly.
Worldwide, countries are navigating vaccination status and privacy laws that protect individuals, especially the EU and other countries that need to comply with the General Data Protection Regulation (GDPR) law. Under GDPR, employees’ vaccination status is considered personal data, a category “with more stringent data protection measures due to the sensitive and personal nature of data, and can only be processed in very limited circumstances.”
“When systems move from voluntary to mandatory, that’s when you have to really sit up and pay extra attention, and that’s where we are right now. There are millions of people who just ended up with mandatory vaccination requirements, which means mandatory use of some kind of vaccine credentialing system,” said Pam Dixon, executive director of the World Privacy Forum.
How to Best Comply with Regional and Global Regulations
How do organizations around the world comply with these types of rules and regulations, as part of their day-to-day business? Emails to HR would be the logical choice, but this could mean tens, hundreds, or even thousands of emails containing sensitive personal information attached in an unsecured format. There is no guarantee that the emails would reach the correct person every time – and they could even be mistakenly shared with others, which could be a violation of privacy regulations.
One option for organizations to meet strict regulatory laws while protecting users’ sensitive data is to use FileInvite’s one-way portal to ensure data security. Users can send a request that will guarantee the security of the request and return of this very sensitive data. Data is stored in the cloud in encrypted servers and is GDPR- and SOC 2-compliant. Access to the records is protected through user roles and other security controls such as passwords and two-factor authentication. What’s more, FileInvite enables users to be able to check records of who has accessed the data and when, so organizations have both total control and complete access to records for auditing purposes.
Secure Portal, Simple Set-Up
How FileInvite works is that an organization creates an account, uploads the contact details of who needs to receive the request, creates a message for the recipients with the required details and what needs to be provided — and that’s it. A private admin portal is used to see who has responded and who hasn’t, while automatic reminders prompt until the process is complete. Staff or customers receiving the request get their own private web portal to upload the documents. If they have questions, they can send messages via the portal directly to the sender for quick responses. Because document management is secured online, physical security concerns are removed and sensitive data, such as proof of vaccination status, remains secure and private. If required, businesses can even create online forms attached to the request, to be completed and signed digitally.
To see how your organization can implement FileInvite today to better manage sensitive data transfer and storage, learn more and start your free trial today.