Archives: Information Management

Subscribe to Information Management RSS Feed

CCPA: Employee Personal Information on the Chopping Block

How will the California Consumer Protection Act (CCPA) apply to us? This is a question 0rganizations have asked since the CCPA was first proposed. There remains a number of important questions about the scope of the Golden State’s sweeping privacy law that still need to be answered. One of those questions is whether the CCPA … Continue Reading

SEC Issues Privacy and Data Security Risk Alert

Following recent examinations of SEC-registered investment advisers and broker-dealers, the Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) published a privacy risk alert on April 16, 2019. OCIE is hoping to remind advisers and broker-dealers about providing compliant privacy and opt-out notices, and adopting and implementing effective policies and procedures for safeguarding … Continue Reading

Small Michigan Medical Practice To Close Following Ransomware Attack

Small and midsized enterprises (SMEs) continue to be targeted by ransomware, phishing and other cyberattacks; the consequences of which could be devastating. Those consequences include putting SMEs out of business, which is unfortunately the case for one small medical practice in Battle Creek, Michigan, as reported by HIPAAJournal. The reality is that the effects of these attacks … Continue Reading

Bill Which Would Expand the CCPA Private Right of Action Moves Forward

As we reported, in late February, California Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced Senate Bill 561, legislation intended to strengthen and clarify the California Consumer Privacy Act (CCPA). This week, the Senate Judiciary Committee referred the bill to the Senate Appropriations Committee by a vote of 6-2. This move came despite concerns raised … Continue Reading

Could This Be Your Retirement Plan?

As reported by CBC, B.C. Pension Corporation announced a data breach involving pension plan records after discovering a box containing microfiche could not be found following a recent office move. The box contained personal information (names, social insurance numbers and dates of birth) on approximately 8,000 pension plan participants. The company employed those participants during the period 1982 to … Continue Reading

Illinois BIPA Defendants May Soon Be Getting Relief…Or Not

UPDATE: As discussed below, SB2134, as introduced, would have amended BIPA to delete the language that creates a private right of action and provide, instead, that violations resulting from the collection of biometric information by an employer for employment, human resources, fraud prevention, or security purposes would be subject to the enforcement authority of the … Continue Reading

As Wearable Technology Booms, Sports and Athletic Organizations at all Levels Face Privacy Concerns

As wearable and analytics technology continues to explode, professional sports leagues, such as the NFL, have aggressively pushed into this field. (See Bloomberg). NFL teams insert tiny chips into players shoulder pads to track different metrics of their game. During the 2018-2019 NFL season, data was released that Ezekiel Elliot ran 21.27 miles per hour … Continue Reading

Why is New Jersey Updating Its Privacy and Data Security Laws?

The Garden State has been updating its data privacy and security laws and you may be wondering why. On October 28, 2018, Attorney General Gurbir S. Grewal and the New Jersey State Police the New Jersey announced statistics on the effects of data breaches in 2017 on New Jersey residents. Based on that report, here … Continue Reading

New Jersey on the Forefront of Consumer Privacy and Security Law

Since the start of 2019, New Jersey has shown it is on the forefront of consumer privacy and security law. Last week we reported on Assembly Bill 3245 (AB 3245) that would enhance the state’s data breach notification requirements. In short, if signed, AB 3245, would require businesses to notify consumers of online account security … Continue Reading

Data Privacy Day – Special Report – California Consumer Privacy Act FAQs for Employers

Happy Data Privacy Day from the Jackson Lewis Privacy, Data and Cybersecurity Team! In Honor of National Privacy Day, we are focused on what is sure to be one of the hottest issues of 2019 and present our FAQs for employers on the California Consumer Privacy Act (CCPA). As you know, data privacy and security … Continue Reading

Hurricane Florence – Another Reminder to Develop a Disaster Recovery Plan

As with prior hurricanes, Florence is a reminder to all organizations of the importance of disaster recovery planning. When a storm approaches, a business’s first concern is protecting its employees/customers, and then its physical property. However, we shouldn’t forget that a natural disaster can also destroy information and technology assets critical to its success and continuity. Key … Continue Reading

Are You Covered?

  The New Jersey State Bar Association recently met to discuss, among other things, our favorite topic: Cybersecurity. (Perhaps our esteemed Privacy, e-Communication and Data Security Practice Group chair was there….) We wanted to briefly mention two critical points discussed: Critical Point #1: The biggest risk out there is employees. We employees click on all … Continue Reading

New FTC Report Makes Security Recommendations to the Mobile Device Industry

Securing data held by mobile devices is largely reliant upon technology, and a recent report by the Federal Trade Commission (“FTC”) takes aim at how that technology can be both improved and better utilized. The report, published in February 2018 and titled, Mobile Security Updates: Understanding the Issues, presents findings based upon information requested by … Continue Reading

ABA Gets Lawyers Heightened Protections for Device Searches at International Borders

U.S. Customs searches have become increasingly invasive over the years. Pursuant to Department of Homeland Security (DHS) policy, U.S. Customs and Border Protection (CBP) operates under the “broad search exception”, which allows searches and seizures at international borders or an equivalent (e.g. international airports) without probable cause or a warrant. CBP’s searches are deemed “reasonable” … Continue Reading

Top 10 for 2018 – Happy Data Privacy Day

This Sunday, January 28, is Data Privacy Day, which Congress recognized on Jan. 27, 2014, when it adopted S. Res. 337, supporting the designation. As noted by the National Cyber Security Alliance, Data Privacy Day began in the United States and Canada in January 2008, an extension of the Data Protection Day celebration in Europe. Don’t … Continue Reading

Connecticut Supreme Court: Health Care Providers Can Be Sued for Unauthorized Disclosures of Confidential Information

Physician practices and other health care providers respond to numerous requests for confidential patient information from patients and others. Mistakes made by employees fulfilling such requests for medical records or making similar disclosures can expose the practice to civil litigation. A recent decision by the Connecticut Supreme Court (Byrne v. Avery Center for Obstetrics and … Continue Reading

North Carolina AG Proposes Stronger Breach Notification and Personal Information Safeguard Requirements

Citing to estimates in 2017 “more than 5.3 million North Carolinians were … affected by a data breach,” Attorney General Josh Stein and Rep. Jason Saine announced on January 8 proposed legislation aimed at protecting state residents from becoming victims of identity theft. To do so, the “Act to Strengthen Identity Theft Protections” (see fact … Continue Reading

SCOTUS Will Not Review CFAA Password Sharing Case

The United State Supreme Court recently denied certiorari in Nosal v. United States, 16-1344, declining to weigh in on the scope of unauthorized access under the Computer Fraud and Abuse Act (“CFAA”). The Ninth Circuit held in Nosal that David Nosal violated the CFAA by using his past assistant’s password to access his former employer’s … Continue Reading

USCIS: Watch Out For I-9 Email Scams

As reported on our Global Immigration Blog, the U.S. Citizenship and Immigration Services (USCIS) has issued a notice regarding scam email requests for I-9 information.  According to USCIS, employers have received scam emails that appear to come from USCIS.  These scam emails come from a fraudulent email address (news@uscis.gov) and the body of the email may contain USCIS and … Continue Reading

New York AG Announces SHIELD Act

On November 2nd, New York Attorney General Eric T. Schneiderman announced his proposal of the SHIELD Act – Stop Hacks and Improve Electronic Data Security Act – a bill that would heighten data security requirements for companies and better protect New York residents from data breaches of their personal information. “It’s clear that New York’s … Continue Reading

Illinois Nursing Home Faces Employee Class Action Based on State Biometric Privacy Act

An Illinois nursing home is facing a putative class action lawsuit filed by a worker who argues that the facility’s required fingerprint scan for timekeeping poses a threat to their privacy, and violates Illinois’s Biometric Information Privacy Act (“BIPA”). From July 2017 to October 2017, at least 26 employment class actions based on the BIPA … Continue Reading

VOTE 2017 – We’re back thanks to you!

We are proud to once again announce that the Workplace Privacy Report has been nominated for The Expert Institute’s Best Legal Blog Competition. From a field of thousands of nominees, the Workplace Privacy Report has received enough nominations to join one of the largest competitions for legal blog writing online today.  If you enjoy the Workplace … Continue Reading

Data Breach Preparedness: A critical risk management priority for small and mid-sized businesses

After hearing a lot lately about big companies suffering data breaches, it is important to remember that, according to inc.com, half of all cyberattacks target small to mid-sized businesses (SMBs). Based on a 2016 State of SMB Cybersecurity Report, CNBC reported that in the prior 12 months half of all SMBs in the U.S. had been hacked. … Continue Reading
LexBlog