In March 2010, we reported on a decision by the U.S. District Court for the District of New Jersey that allowed an employee’s retaliation claim to proceed to trial under the New Jersey Conscientious Employee Protection Act (“CEPA”) on the ground that he was engaged in protected whistle blowing activity – voicing concerns regarding his employer’s
EEOC Issues Final Regulations Under Title II of GINA
The long awaited final Title II regulations under the Genetic Information Nondiscrimination Act (GINA) will be issued tomorrow, November 9, 2010. The Equal Employment Opportunity Commission published proposed regulations under Title II of GINA on March 2, 2009. A period of public comment followed. The final regulations will have an impact on a number of employment practices, including wellness
Data Privacy and Security Primer for Law Firms
A UK law firm may find itself subject to significant penalties following reports of a data breach affecting thousands of people. The recent 2010 ABA Annual Meeting in San Francisco devoted two sessions to the topic, specifically dealing with “cloud computing,” and the risks and ethical issues it raises for law firms. As data privacy and security risks
Complimentary Webinar – Massachusetts Data Security Regulations: A Plan for Compliance
Beginning March 1, 2010, businesses will be required to safeguard from identity theft and other dangers personal information about Massachusetts residents under a “written information security program” or WISP. Similar requirements exist in other states around the country, although those requirements generally are not as comprehensive as those becoming effective in the Bay state.
FTC Proposes Revised FCRA Notices
Pursuant to the Fair Credit Reporting Act (pdf), the Federal Trade Commission has promulgated three notices (pdf): (i) A General Summary of Rights; (ii) A Notice to Furnishers of Information to Consumer Reporting Agencies; and (iii) A Notice to Users of Consumer Reports (such as employers). In late August, the FTC proposed revisions to the
The Fundamentals of a Risk Assessment
The most frequent question we hear from clients who want to develop or tighten their data privacy and security policies and procedures: Where do we start?
In most cases, the first step for the group charged with this task is to understand the organization’s "information risk." This means, in short, examining what information the company has
Connecticut Insurance Commissioner Announces Data Breach Notification Mandate
On August 18, 2010, the Connecticut Insurance Commissioner issued Bulletin IC-25 which mandates that entities within its jurisdiction notify the Department of Insurance of any "information security incident." This post provides a brief summary of this new requirement.
Who must provide the notice?
The Bulletin applies to all licensees and registrants of the Department. This generally means all entities
California Bill Would Strengthen Existing Breach Notification Law
Update – On September 29, 2010, Governor Arnold Schwarzenegger for the third time vetoed S.B. 1166.
California led the way in 2002 when it enacted the nation’s first data breach notification law. Last week, the State’s lawmakers sent Governor Arnold Schwarzenegger S.B. 1166 (pdf), which would mandate that data breach notification communications include more detailed
Another Facebook Post, Another Fired Employee
ABC news reported yesterday about an employee fired for statements made on a social networking site – this time Facebook. The employee, Massachusetts high school teacher June Talvitie-Siple, was fired by her school district for statements she made about the community, her students and their parents. The 54-year-old teacher mistakenly thought her statements were being communicated
State Law Developments for Credit and Criminal Background Checks
Recent state law developments will affect whether and to what extent certain employers can conduct credit and criminal background checks on employees and applicants. Employers, particularly multi-state employers, should be sure to review these new requirements and adjust their practices accordingly.
Massachusetts
The Commonwealth has changed how employers access and use criminal offender record information