Privacy

• Employers have a duty to ensure the health and well-being of their employees. In the context of COVID-19, they have specific duties related to the prevention and control of the spread of the pandemic. 
• Employers must consult and learn about workers who are infected or present symptoms. 
• It is prohibited to use sensitive data –such as data relating to the health of individuals–except with the individual's consent, or in cases of medical or sanitary emergency (always observing data protection laws and the highest standards of security).

Cybersecurity

COVID-19 has led companies to implement flexible working models for their employees, including working-from-home, which increases the likelihood of cybersecurity incidents. In this regard, the following is recommended:

• Companies must enhance not just their technological (firewalls, VPN, proxy) measures, but also the organizational (internal protocols, trainings) and legal (contractual duties, insurance) instances, to ensure security and confidentiality of their information. 
• Deploy protocols for implementing additional special duties of care and confidentiality upon employees, as well as special powers of surveillance and control for companies. 
• Remote training for employees on information security in these new working-environments, as well as to establish periodic evaluation reports that allow the traceability of measures implemented by the company.

Electronic signature

Phenomena such as teleworking prevent companies from physically concluding contracts and legal instruments. This is a huge challenge at a time when companies require great swiftness and resolve to perform their regular activities. To this end, it is important to consider:

• Contracts signed through data messages, such as the Internet and e-mail, are enforceable.
• Companies must ensure that the method of signature via data messages is reliable and appropriate. A signature is considered to be "reliable" when the signature creation data belong exclusively to the signatory, and mechanisms are in place to detect unauthorized alterations to the data message. 
• Scanned signatures are not regulated in Colombia and does not enjoy the presumptions and privileges that the law affords to digital or electronic signatures.