Workplace Privacy, Data Management & Security Report

Category Archives: Workplace Privacy

Connecticut Enacts SB 949 Requiring One Year of Free Identity Theft Protection Services For Certain Data Breaches

Senate Bill 949 is now law in Connecticut, after being signed by Governor Malloy on June 11. As we reported, this law amends the state’s current breach notification mandate to require that, for breaches of certain personal information, covered businesses must provide one year of free identity-theft protection for affected persons. So, beginning October 1, 2015,… Continue Reading

Connecticut May Require Businesses to Offer One Year of Identity Theft Protection Services Following a Data Breach, Joining Other States in Strengthening Notification Laws

Following a string of states across the country that have strengthened their data breach notification laws in recent months, Connecticut is about to amend its law to require, among other things, that businesses provide one year of identity-theft protection for persons affected by the breach. Many businesses already extend such services to breach victims, but,… Continue Reading

States Continue to Protect the Personal Social Media Accounts of Employees, with Oregon Likely to Add an Interesting Twist

Over the past few years, states around the country have enacted laws limiting an employer’s ability to access the personal social media accounts of applicants and employees. Earlier this year, Montana’s Governor Steve Bullock signed HB 342 into law. Before that, Virginia enacted a similar measure. On May 19, Connecticut’s Governor added the Nutmeg state to… Continue Reading

SEC’s Division of Investment Management Issues Cybersecurity Guidance

In Guidance Update No. 2015-02, the Division of Investment Management (Division) of the Securities and Exchange Commission (SEC) issued some high-level suggestions concerning the importance of cybersecurity for registered investment companies and registered investment advisers. The guidance outlines a number of measures these entities should consider for addressing cybersecurity risks. Of course, while some of these and other measures may have… Continue Reading

Next Step in U.S. Postal Service Breach – NLRB Sues Postal Service

As discussed in an earlier post, shortly after the United States Postal Service reported a data breach potentially affecting hundreds of thousands of employees, the American Postal Workers Union filed an unfair labor practice with the National Labor Relations Board alleging the Postal Service should have bargained with the union over the impact and response to the… Continue Reading

Employee Apps = Employer Data Risk?

Many mobile app developers do not place a high priority on data security, as illustrated by a recent IBM/Ponemon study: Fifty percent of mobile app developers have no budget for security. Forty percent of companies don’t scan mobile app codes for vulnerabilities. The average company tests less than half of the apps it builds for… Continue Reading

Illinois Attorney General Seeks Stronger Data Breach Notification Law, Requirement to Safeguard Personal Information

Reacting to a report that identity theft was a top concern for Illinois residents (second in a list of ten), Attorney General Lisa Madigan announced a legislative proposal to strengthen the state’s existing data breach notification law. The call for stronger breach notification laws is a trend that has emerged in other states, such as… Continue Reading

Secretary in Germany Successfully Challenges Employer’s Monitoring…Is Your Monitoring Program Defensible?

According to a report by Deutsche Welle, the German Federal Labor Court held that employers may monitor employees only when they have concrete suspicions of wrongdoing that are based on fact. In the U.S., the standards for engaging in monitoring employees may not be quite that high, but employers should be thinking about whether a… Continue Reading

Employer FAQs: Responding to the Anthem Breach

The first massive data breach of 2015 hit one of the country’s largest insurance issuers, Anthem, Inc., including Anthem Blue Cross and Blue Shield and other related entities (Anthem). The incident reportedly affected over 80 million persons who are or were covered under a policy or program insured or serviced by Anthem. The personal note… Continue Reading

Top 15 for 2015 – Happy National Data Privacy Day

In honor of National Data Privacy Day, we provide the following “Top 15 for 2015.”  While the list is by no means exhaustive, it does provide some hot topics for businesses to consider in 2015. Inside Threats for Healthcare Providers and Business Associates.  While news reports of security risks often focus on hackings and breaches… Continue Reading

“Employees Must Be Permitted To Use Company Email for Statutorily Protected Communications” -NLRB

We reported earlier that the National Labor Relations Board had been considering changing its previous position that “employees have no statutory right to use the[ir] Employer’s e-mail system for Section 7 purposes.” The NLRB’s position in this regard was established in 2007, under the NLRB’s ruling in Register Guard. Today, in Purple Communications Inc. and… Continue Reading

OCR Issues Ebola Guidance on HIPAA Privacy

According to the New York Times, Bellevue Hospital Center patient Craig Spencer, the first New Yorker to be infected with Ebola, is scheduled to be released today. And while the intense reporting about Ebola has subsided, perhaps indicating a lowering of the perceived threat of Ebola spreading further in the U.S. (although many continue to… Continue Reading

Tough Future for Shirking?

The October 25, 2014 issue of the Economist, a U.K. business news periodical, contains a tongue-in-cheek guide to “skiving,” which apparently is the British word for shirking on the job. The piece highlights the challenge and opportunity created by new technology for employees who want to pretend to work, rather than work. It notes:… Continue Reading

On the Heels of FTC, FCC Joins GPEN to Better Watch Data Abroad

Data is rarely still. It is captured, processed and moved around the world at speeds we wouldn’t have dreamed possible 20 years ago. Data often disrespects borders. By way of example, companies often mistakenly store personal data in the cloud to be accessed by multiple international locations, without considering the legal rights of the data… Continue Reading

Ebola Presents Significant Workplace Challenges

We addressed the dangers of “snooping” into patient records by hospital workers spurred by incidents of Ebola and Enterovirus D-68 in the U.S. Of course, the workplace challenges created by Ebola, Enterovirus D-68 and other contagious diseases and illnesses in the workplace go far beyond snooping, and far beyond healthcare employers. Employers in all industries are facing dilemmas in… Continue Reading

Enterovirus D-68 and Ebola Cases Raise Privacy Concerns for Healthcare Providers and their Workers

On September 25, a four-year old boy from New Jersey died of Enterovirus D-68, reports myfoxphilly.com. Increasingly, there are reports about potential Ebola cases in the U.S. Naturally, the spread of infectious disease raises concern for everyone, particularly for healthcare workers who want to do their jobs, and also protect their families. There are already… Continue Reading

Delaware Joins List of States Regulating Data Disposal

On January 1, 2015, Delaware employers who dispose of records which contain the unencrypted personal identifying information of employees must take steps to ensure the privacy of such information.  The bill, H.B. 294, was recently signed by Delaware’s Governor Jack Markell. The new law defines personal identifying information as an employee’s first name or first initial… Continue Reading

HIPAA Reminders – Business Associate Agreement Deadline and Continuation of OCR Audits

I recently had the pleasure of speaking to a great group at the Connecticut Assisted Living Association (CALA) about HIPAA and a range of related practical issues. Many covered entities and business associates, particularly those that are small businesses, continue to work on understanding the privacy and security standards, and how to best apply them in their… Continue Reading

A Broadened Crackdown on EU/U.S. Safe Harbor Violations

In the wake of Edward Snowden’s intelligence leaks and increasing concerns about the use of personal information, the Center for Digital Democracy recently filed a Fair Trade Commission complaint alleging that 30 US data brokers and data management firms had violated the European Union’s Privacy Directive Safe Harbor framework. According to the CDD, the collection… Continue Reading