Physician practices and other health care providers respond to numerous requests for confidential patient information from patients and others. Mistakes made by employees fulfilling such requests for medical records or making similar disclosures can expose the practice to civil litigation. A recent decision by the Connecticut Supreme Court (Byrne v. Avery Center for Obstetrics
Joseph J. Lazzarotti
Joseph J. Lazzarotti is a principal in the Tampa, Florida, office of Jackson Lewis P.C. He founded and currently co-leads the firm's Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer, focused on compliance, Joe also is a member of the firm’s Employee Benefits practice group.
In short, his practice focuses on the matrix of laws governing the privacy, security, and management of data, as well as the impact and regulation of social media. He also counsels companies on compliance, fiduciary, taxation, and administrative matters with respect to employee benefit plans.
North Carolina AG Proposes Stronger Breach Notification and Personal Information Safeguard Requirements
Citing estimates that in 2017 “more than 5.3 million North Carolinians were … affected by a data breach,” Attorney General Josh Stein and Rep. Jason Saine announced on January 8 proposed legislation aimed at protecting state residents from becoming victims of identity theft. To do so, the “Act to Strengthen Identity Theft Protections” (see fact…
U.S. Employers with EU Employees Gearing Up for GDPR
With the continuing parade of high profile data security breaches, the concern U.S. organizations have about the security of their systems and data has been steadily growing. And rightly so. Almost every organization processes (collects, uses, stores, or transmits) individually identifiable data. Much of this data is personal data, including employee data, which brings heightened…
Does the GDPR Apply to Your US-based Company?
If you’ve been following the headlines, you know that a day doesn’t pass without a reference to the “GDPR”. On May 25, 2018, the European Union (EU) General Data Protection Regulation (GDPR) will take effect, marking the most significant change to European data privacy and security in over 20 years. Most multinational companies, and of…
Illinois Court of Appeals Holds BIPA Plaintiffs Must Allege Some Actual Harm
In a ruling that may have significant impact on the recent wave of biometric privacy suits, an Illinois state appeals court held that plaintiffs must claim actual harm to be considered an “aggrieved person” covered by Illinois’ Biometric Information Privacy Act (BIPA), in a dispute arising from the alleged unlawful collection of fingerprints from a…
It’s Tax Time – Alert Your HR and Payroll Teams About W2 Phishing Scams
Last February, the IRS issued a warning to all employers regarding the resurgence of a W-2 based cyber scam. The scam, which targets businesses during tax season, was also “spreading to other sectors, including school districts, tribal organizations and nonprofits.” In August 2017, the IRS renewed its warning to tax professionals and businesses as part…
Elder Abuse: Are Granny Cams a Solution, a Compliance Burden, or Both?
In Minnesota, 97% of the 25,226 allegations of elder abuse (neglect, physical abuse, unexplained serious injuries and thefts) in state-licensed senior facilities in 2016 were never investigated. This prompted Minnesota Governor Mark Dayton to announce plans last week to form a task force to find out why. As one might expect, Minnesota is not alone.…
New York AG Announces SHIELD Act
On November 2nd, New York Attorney General Eric T. Schneiderman announced his proposal of the SHIELD Act – Stop Hacks and Improve Electronic Data Security Act – a bill that would heighten data security requirements for companies and better protect New York residents from data breaches of…
Illinois Nursing Home Faces Employee Class Action Based on State Biometric Privacy Act
An Illinois nursing home is facing a putative class action lawsuit filed by a worker who argues that the facility’s required fingerprint scan for timekeeping poses a threat to their privacy, and violates Illinois’s Biometric Information Privacy Act (“BIPA”). From July 2017 to October 2017, at least 26 employment class actions based on the BIPA…
The EU – US Privacy Shield Passed its First Annual Review
The European Commission recently issued an overall positive review in its first annual report on the E.U. – U.S. Privacy Shield (“Privacy Shield”), after evaluating the Privacy Shield in its joint review with the US last month.
The Privacy Shield took effect in August 2016, replacing the EU – US Safe Harbor that was invalidated by…