Whether it is facial recognition technology being used in connection with COVID-19 screening tools and in law enforcement, continued use of fingerprint-based time management systems, or the use of various biometric identifiers for physical security and access management, applications involving biometric identifiers and information in the public and private sectors continue to grow. Concerns about
Will the Public Health Emergency Privacy Act Make it into the Next Stimulus Package?
Despite several attempts, Congress has struggled to push forward a federal consumer privacy law over the past few years. But the COVID-19 pandemic, which has raised concerns regarding location monitoring, GPS tracking and use of health data, has heightened the urgency for federal consumer privacy legislation. In May, a group of Democrats from the U.S.
Transferring Employee Data after EU-U.S. Privacy Shield Invalidated
Businesses are now prohibited from transferring employee personal data from the European Economic Area (EEA) to the U.S. under the EU-U.S. Privacy Shield program. The Court of Justice of the European Union (CJEU) declared the EU-U.S. Privacy Shield invalid in Data Protection Commissioner v. Facebook Ireland and Schrems (C-311/18) (Schrems II), effective immediately. Businesses that
OCR Warns HIPAA Covered Entities: When You Learn About HIPAA Violations, Fix Them
Roger Severino, Director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), provides advice for HIPAA covered health care providers:
When informed of potential HIPAA violations, providers owe it to their patients to quickly address problem areas to safeguard individuals’ health information
According to OCR allegations,
EU-U.S. Privacy Shield Program for Transfer of Personal Data to U.S. Found Invalid
On July 16, 2020, the Court of Justice of the European Union (CJEU) published its decision in the matter of Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (“Schrems II”). The matter, arising from the transfer of Schrems’ personal data by Facebook Ireland to Facebook Inc. in the United States, presented questions
California Attorney General Issues CCPA FAQs
With the California Consumer Privacy Act (CCPA) now in effect (January 1, 2020) and enforceable by California’s Attorney General (“AG”) (July 1, 2020), the AG has published Frequently Asked Questions (FAQs). Designed to aid consumers in exercising their rights under the CCPA, the FAQs also contain helpful reminders for businesses and service providers regarding
Is Personal Information of Retirement Plan Participants an ERISA Plan Asset?
A little more than one year ago, we reported on a settlement (Cassell et al. v. Vanderbilt University, et al.) involving the alleged wrongful use of personal information belonging to retirement plan participants, claimed to be “plan assets.” This year, similar claims have been made against Shell Oil Company in connection with its 401(k) plan.
CCPA Litigation is on the Rise: Is Your Organization Prepared?
On January 1, 2020 the California Consumer Privacy Act (CCPA) took effect. Largely considered the most expansive U.S. privacy law to date, there has been much anticipation over the impact the law will have on the privacy litigation landscape. Although the California Attorney General’s (“AG”) enforcement authority only begins on July 1, this has not
New Ransomware Tactics and Strains Emerge, Including Public Auctions of Stolen Data
As many have learned over the last several years, ransomware is a type of malware that denies affected users access to critical data by encrypting it. Attackers profit handsomely by requiring victims to pay substantial sums, typically tendered in a cryptocurrency such as Bitcoin. A look at some of the numbers over the past two
Privacy Issues of U.S. Collection of Social Media Information from Visa Applicants
The Department of State (DOS) has been collecting (and maintaining) information on social media use from all visa applicants (immigrant and non-immigrant) since June 2019. The DOS’s collection and maintenance of this information is the subject of a lawsuit. Despite claims of being part of the vetting process, concerns about privacy and misuse of