As reported on our Benefits Law Advisor, the EEOC has issued proposed wellness program regulations. Much of the attention to those proposed rules understandably will be how they would affect the incentives employers have implemented to spur their employees to engage in healthier behaviors. The proposed rules also address, however, the confidentiality provisions under
Next Step in U.S. Postal Service Breach – NLRB Sues Postal Service
As discussed in an earlier post, shortly after the United States Postal Service reported a data breach potentially affecting hundreds of thousands of employees, the American Postal Workers Union filed an unfair labor practice with the National Labor Relations Board alleging the Postal Service should have bargained with the union over the impact and
Email Autofill Error Exposes Personal Information of G20 World Leaders
With breaches caused by payment card thieves and hackers dominating the news, it is easy for mid-sized and small companies to think that data breaches are unfortunate events that affect only large companies. Not only is this sentiment misguided, but in relative terms the information contained in exposed emails can cause far more damage to
Checklists Not Enough When Developing a WISP, FTC Director Comments at IAPP Global Privacy Summit
This year’s IAPP Global Privacy Summit was very informative on a number of fronts, including the helpful insight provided by officials at the Federal Trade Commission (FTC) on a range of topics. A good summary of some of their comments can be found here, which includes concerns they expressed about the Consumer Privacy Bill
Illinois Attorney General Seeks Stronger Data Breach Notification Law, Requirement to Safeguard Personal Information
Reacting to a report that identity theft was a top concern for Illinois residents (second in a list of ten), Attorney General Lisa Madigan announced a legislative proposal to strengthen the state’s existing data breach notification law. The call for stronger breach notification laws is a trend that has emerged in other states, such as
Peer Review Confidentiality Requirement Protects Physician Reviewers from Adverse Employment Action, New Mexico Supreme Court Rules
When a physician participated in the peer review of another physician and his conduct during the review became the basis for adverse employment action against him, the New Mexico Supreme Court, in Yedidag v. Roswell Clinic Corp., ruled that the reviewing physician had a private cause of action against his employer, and affirmed the
Secretary in Germany Successfully Challenges Employer’s Monitoring…Is Your Monitoring Program Defensible?
According to a report by Deutsche Welle, the German Federal Labor Court held that employers may monitor employees only when they have concrete suspicions of wrongdoing that are based on fact. In the U.S., the standards for engaging in monitoring employees may not be quite that high, but employers should be thinking about whether
ACA Information Reporting Creates Data Privacy and Security Issues
During this year, businesses will be hearing a lot about the Affordable Care Act’s (ACA’s) information reporting requirements under Code Sections 6055 and 6056. Information gathering will be critical to successful reporting, and there is one aspect of that information gathering which employers might want to take action on sooner rather than later – collecting
Employer FAQs: Responding to the Anthem Breach
The first massive data breach of 2015 hit one of the country’s largest insurance issuers, Anthem, Inc., including Anthem Blue Cross and Blue Shield and other related entities (Anthem). The incident reportedly affected over 80 million persons who are or were covered under a policy or program insured or serviced by Anthem. The personal note
New York Attorney General Seeks Stonger Data Breach Notification Law and Data Security Safeguards
Earlier this month, the New York Attorney General Eric T. Schneiderman announced a legislative proposal that would strengthen protections for private information by expanding the state’s breach notification law to cover e-mails, passwords and health data, require companies to implement data security measures, and notify consumers and employees in the event of a breach. If