COVID-19: Business Continuity Planning in a Pandemic: Advice from a Privacy Expert

Ale Brown, Kirke Management Consulting

The pandemic has really pushed big changes in how we do business. But a stark one has been how businesses continue running as smoothly as possible while still maintaining physical distancing.

A key element of corporate risk management impacting your reputation is business continuity and disaster recovery. Yet, it is one of the areas that are usually relegated to a low priority - if it is a priority at all. 

In sectors prone to major operational crises or more likely to be impacted by natural disasters, recovery has usually been an important part of risk management and business strategy. Not so much for organizations that only rarely experience disruptions.

Ensuring that employees can continue their day-to-day activities without major snags has been a key focus in the last month. And good news: the use of cloud computing has helped enable a smoother transition so staff can be safe and “work from anywhere.” But from a corporate perspective, the complexity of IT infrastructure including hardware and software, data and systems has made it difficult, in some cases, to enforce policies and procedures in place. 

Questions to consider are:

• Are employees following secure protocols to access and share personal information when they are at home?
• Are they, unknowingly, exposing the organization to a privacy breach?

Given this, what are the three key activities that you need to keep in mind to be “disaster-ready”?

1. Ensure you have a Business Continuity Plan. Identify how your business can continue running under different circumstances, how to identify situations that will trigger the plan and key roles and responsibilities to execute it.
2. Have regular tabletop exercises. Plans look wonderful on paper. But what about real life? Performing simulations can help you identify where the plan is unrealistic and how to improve it.
3. Protect your data regardless of where it resides. Whether it is on the cloud or at your data centre, make sure that protection of data and practices are in place to ensure data integrity, availability and confidentiality remain intact. This is especially important for personal information. The last thing you need in a time like this is to experience a privacy breach.

One of the biggest lessons that organizations will learn from this unprecedented situation is that you have to prepare for the unexpected. COVID-19 has taught us that even worst case scenarios are no longer a matter of “if” but of “when”.

If organizations are not prepared to respond proactively, adapt and ensure that their business, including privacy policies, can withstand changes in the environment, the trust that their customers put on them will be diminished. Be prepared, have a clear plan in place and be ready to execute at a moment’s notice.