As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our Top 10 most popular posts of 2022:
As the California Privacy Rights Act moves toward taking effect and exceptions applying to employment-related data expire, employers have questions about handling privacy when it comes to employee information.
The Office for Civil Rights (OCR) recently announced four enforcement actions, one against a small dental practice that imposed a $50,000 civil monetary penalty under HIPAA. The OCR alleged the dentist impermissibly disclosed a patient’s protected health information (PHI) when the dentist responded to a patient’s negative online review.
In September 2022, Governor Gavin Newsom signed into law AB-984, which becomes effective January 1, 2023. The law builds on other privacy protections in California, such as the California Consumer Privacy Act and Penal Code Sec. 637.7. Section 637.7 prohibits using an electronic tracking device to determine the location or movement of a person; however, it does not apply when the vehicle owner (e.g., the employer) has consented to the use of the device.
Many factors are driving up the cost of cyber insurance policies including increases in ransomware attacks and the cost of business interruption from those attacks. Moreover, carriers are giving more scrutiny to the practices and procedures of the companies they insure. As such, companies need to consider their cyber security controls to assist in obtaining and maintaining coverage.
On January 24, 2022, New York Attorney General Letitia James announced a $600,000 settlement agreement with EyeMed Vision Care, a vision benefits company, stemming from a 2020 data breach compromising the personal information of approximately 2.1 million individuals across the United States, including nearly 99,000 in New York State
There is a basic principle of data protection that when applied across an organization can significantly reduce the impact of a data incident – the minimum necessary principle. A data breach reported late last year by the Rhode Island Public Transit Authority (RIPTA) highlights the importance of this relatively simple but effective tool.
Litigation under the Illinois Biometric Information Privacy Act (BIPA) continues to heat up, encompassing litigation about timekeeping systems that use fingerprints to dashcams.
Utah joined California, Colorado, and Virginia in passing a consumer privacy statute, the Utah Consumer Privacy Act takes effect on December 31, 2023.
With ransomware and other cyber threats top of mind for most in the c-suite these days, a question frequently raised is whether a particular organization is a target for hackers. Of course, nowadays, any organization is at risk of an attack, but the question is whether some organizations are targeted more than others. An Insurance Journal article discusses a paper published in September 2021 that identifies a factor that could elevate the risk of being targeted, a factor many in cyber might not have expected, “greenwashing.”
Connecticut prepared and eventually passed the “Act Concerning Personal Data Privacy and Online Monitoring” Act which will take effect July 1, 2023.
Jackson Lewis will continue to track information related to privacy regulations and related issues. For additional information on these topics, please reach out to a member of our Privacy, Data, and Cybersecurity practice group.