One of the industries perhaps hardest hit by the coronavirus, the travel industry, received welcomed news late last week in the form of CDC guidance stating that people fully vaccinated against COVID-19 can resume domestic travel and do not need to get tested for COVID-19 before or after travel or self-quarantine after travel.

According to the guidance, released on April 2, 2021, fully vaccinated people need not get tested before leaving the United States (unless required by the destination) or self-quarantine after returning to the United States (unless required by state or local law). With the increasing rate of vaccinations, this is another encouraging sign of a steady approach to some sense of a normalcy, though there are lots of questions about what travel will look like in the months and possibly years ahead.

This change from the agency’s previous recommendation that people “delay travel and stay home,” according to the Washington Post, is based largely on “newly released studies showing the real-world effectiveness of the vaccines.” For example, one study showed the second dose of the COVID-19 vaccine reduced infection risk by 90 percent. Highlighting the demand for travel, the Washington Post notes TSA officials reported 26 days in March when more than a million people moved through security checkpoints, compared to only 124,021 on April 1, 2020.

So, what will travel look like going forward?

An option may be a “vaccine passport” or similar arrangement whereby a person’s vaccination status or other related information can be verified. According to CNN, although the White House has said it is not planning to maintain a central vaccinations database, officials are “working with a range of companies on establishing standards” for people to show they have been vaccinated. Other countries also are working on “vaccine passport”-type technology to facilitate travel while containing COVID-19.

A vaccine passport likely will involve a massive collection of individuals’ personal information, a price many may be willing to pay for vacation or work-related travel. Some involved in efforts to build such systems acknowledge the challenges, ranging from ensuring the systems work correctly to preventing identity theft and fraud. The World Health Organization echoed these concerns in a recent bulletin discussing similar technology it refers to as “immunity passports”:

While there may be limits to maintaining personal immunity certification information as private and confidential, measures should be implemented to minimize confidentiality breaches and non-consensual identification to reduce privacy concerns and protect nonimmune-certified individuals from any potential stigma and harm.

With business travel likely to increase, businesses quick to adopt a vaccine passport or similar system will have their own issues to consider concerning the privacy and security of their employees data and use of such systems, particularly in connection with international travel as the standards and requirements may be different.

Data privacy and security challenges are but one concern as travel in a post-COVID vaccination world picks up. Continued concern over COVID-19 variants combined with slow inoculation rates in many countries mean that U.S. consulates (which issue travel visas enabling international travelers to come to the U.S.) may be unable to keep up. Over the past year, international travel bans have proliferated across the world , starting with the travel bans and visa bans put into place beginning on March of 2020 by the Trump administration which were quickly followed by a succession of travel bans in other countries. The resulting patchwork of travel bans and rules resulted in shutting down most international travel to the United States, as well as worldwide, which has created a backlog of cases at U.S. consulates. Consulates have been operating at reduced staff for health and safety reasons and have struggled to implement the ever-changing travel bans. Throughout the last year the processing times for visa processing have steadily increased, if a visa was available at all. As travel opens up, adding a “vaccine passport” to the long list of travel requirements for obtaining a visa will further strain the consulates if they will be expected to implement it. Although consulates are familiar with handling personal identifying information, after all a visa application covers practically every personal biographical detail of the applicant’s life, a vaccine passport is an entirely new thing. How any such requirement would be balanced against the economic and business needs for travel is anyone’s guess.

As organizations reimagine how they do business, and now how travel will fit in to that mix, the list of things that need to be considered before getting on the road again continues to expand.

Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Joseph J. Lazzarotti Joseph J. Lazzarotti

Joseph J. Lazzarotti is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP)…

Joseph J. Lazzarotti is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer, focused on compliance, Joe also is a member of the firm’s Employee Benefits practice group.

In short, his practice focuses on the matrix of laws governing the privacy, security, and management of data, as well as the impact and regulation of social media. He also counsels companies on compliance, fiduciary, taxation, and administrative matters with respect to employee benefit plans.

Privacy and cybersecurity experience – Joe counsels multinational, national and regional companies in all industries on the broad array of laws, regulations, best practices, and preventive safeguards. The following are examples of areas of focus in his practice:

  • Advising health care providers, business associates, and group health plan sponsors concerning HIPAA/HITECH compliance, including risk assessments, policies and procedures, incident response plan development, vendor assessment and management programs, and training.
  • Coached hundreds of companies through the investigation, remediation, notification, and overall response to data breaches of all kinds – PHI, PII, payment card, etc.
  • Helping organizations address questions about the application, implementation, and overall compliance with European Union’s General Data Protection Regulation (GDPR) and, in particular, its implications in the U.S., together with preparing for the California Consumer Privacy Act.
  • Working with organizations to develop and implement video, audio, and data-driven monitoring and surveillance programs. For instance, in the transportation and related industries, Joe has worked with numerous clients on fleet management programs involving the use of telematics, dash-cams, event data recorders (EDR), and related technologies. He also has advised many clients in the use of biometrics including with regard to consent, data security, and retention issues under BIPA and other laws.
  • Assisting clients with growing state data security mandates to safeguard personal information, including steering clients through detailed risk assessments and converting those assessments into practical “best practice” risk management solutions, including written information security programs (WISPs). Related work includes compliance advice concerning FTC Act, Regulation S-P, GLBA, and New York Reg. 500.
  • Advising clients about best practices for electronic communications, including in social media, as well as when communicating under a “bring your own device” (BYOD) or “company owned personally enabled device” (COPE) environment.
  • Conducting various levels of privacy and data security training for executives and employees
  • Supports organizations through mergers, acquisitions, and reorganizations with regard to the handling of employee and customer data, and the safeguarding of that data during the transaction.
  • Representing organizations in matters involving inquiries into privacy and data security compliance before federal and state agencies including the HHS Office of Civil Rights, Federal Trade Commission, and various state Attorneys General.

Benefits counseling experience – Joe’s work in the benefits counseling area covers many areas of employee benefits law. Below are some examples of that work:

  • As part of the Firm’s Health Care Reform Team, he advises employers and plan sponsors regarding the establishment, administration and operation of fully insured and self-funded health and welfare plans to comply with ERISA, IRC, ACA/PPACA, HIPAA, COBRA, ADA, GINA, and other related laws.
  • Guiding clients through the selection of plan service providers, along with negotiating service agreements with vendors to address plan compliance and operations, while leveraging data security experience to ensure plan data is safeguarded.
  • Counsels plan sponsors on day-to-day compliance and administrative issues affecting plans.
  • Assists in the design and drafting of benefit plan documents, including severance and fringe benefit plans.
  • Advises plan sponsors concerning employee benefit plan operation, administration and correcting errors in operation.

Joe speaks and writes regularly on current employee benefits and data privacy and cybersecurity topics and his work has been published in leading business and legal journals and media outlets, such as The Washington Post, Inside Counsel, Bloomberg, The National Law Journal, Financial Times, Business Insurance, HR Magazine and NPR, as well as the ABA Journal, The American Lawyer, Law360, Bender’s Labor and Employment Bulletin, the Australian Privacy Law Bulletin and the Privacy, and Data Security Law Journal.

Joe served as a judicial law clerk for the Honorable Laura Denvir Stith on the Missouri Court of Appeals.