As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our Top 10 most popular posts of 2022:
1. California Consumer Privacy Act FAQs: Employment Information
As the California Privacy Rights Act moves toward taking effect and exceptions applying to employment-related data expire, employers have questions about handling privacy when it comes to employee information.
The Office for Civil Rights (OCR) recently announced four enforcement actions, one against a small dental practice that imposed a $50,000 civil monetary penalty under HIPAA. The OCR alleged the dentist impermissibly disclosed a patient’s protected health information (PHI) when the dentist responded to a patient’s negative online review.
3. California Tightens Rules on Vehicle Tracking, Fleet Management
In September 2022, Governor Gavin Newsom signed into law AB-984, which becomes effective January 1, 2023. The law builds on other privacy protections in California, such as the California Consumer Privacy Act and Penal Code Sec. 637.7. Section 637.7 prohibits using an electronic tracking device to determine the location or movement of a person; however, it does not apply when the vehicle owner (e.g., the employer) has consented to the use of the device.
4. Does Your Cyber Insurance Policy Look More Like Health Insurance?
Many factors are driving up the cost of cyber insurance policies including increases in ransomware attacks and the cost of business interruption from those attacks. Moreover, carriers are giving more scrutiny to the practices and procedures of the companies they insure. As such, companies need to consider their cyber security controls to assist in obtaining and maintaining coverage.
On January 24, 2022, New York Attorney General Letitia James announced a $600,000 settlement agreement with EyeMed Vision Care, a vision benefits company, stemming from a 2020 data breach compromising the personal information of approximately 2.1 million individuals across the United States, including nearly 99,000 in New York State
6. The RIPTA Data Breach May Provide Valuable Lessons About Data Collection and Retention
There is a basic principle of data protection that when applied across an organization can significantly reduce the impact of a data incident – the minimum necessary principle. A data breach reported late last year by the Rhode Island Public Transit Authority (RIPTA) highlights the importance of this relatively simple but effective tool.
7. From Time Keeping to Dashcams, BIPA Litigation Continues
Litigation under the Illinois Biometric Information Privacy Act (BIPA) continues to heat up, encompassing litigation about timekeeping systems that use fingerprints to dashcams.
8. Utah Becomes Fourth State to Enact A Comprehensive Privacy Law
Utah joined California, Colorado, and Virginia in passing a consumer privacy statute, the Utah Consumer Privacy Act takes effect on December 31, 2023.
9. Does a Poor ESG, Social Responsibility Rating Increase an Organization’s Cyber Risk?
With ransomware and other cyber threats top of mind for most in the c-suite these days, a question frequently raised is whether a particular organization is a target for hackers. Of course, nowadays, any organization is at risk of an attack, but the question is whether some organizations are targeted more than others. An Insurance Journal article discusses a paper published in September 2021 that identifies a factor that could elevate the risk of being targeted, a factor many in cyber might not have expected, “greenwashing.”
10. Connecticut Likely to Become Fifth State to Enact Comprehensive Consumer Privacy Law
Connecticut prepared and eventually passed the “Act Concerning Personal Data Privacy and Online Monitoring” Act which will take effect July 1, 2023.
Jackson Lewis will continue to track information related to privacy regulations and related issues. For additional information on these topics, please reach out to a member of our Privacy, Data, and Cybersecurity practice group.