It is not the first time we have written about complaints, OCR settlements, and even jail time following snooping by hospital employees into patient records. For example, as COVID raged, an investigation showed that for approximately 10 months ending in February, 2021, an employee at a California state hospital improperly accessed approximately 2,000 individuals’ COVID-19
monitoring
Employee Monitoring: New York Establishes New Requirements for Employers
Earlier this month, New York Governor Kathy Hochul signed into law a bill that will require New York private sector employers to provide written notice to employees before engaging in electronic monitoring of their activities in the workplace. Civil Rights (CVR) Chapter 6, Article 5, Section 52-C*2 will take effect six months after enactment,…
CCPA Update – Maybe Employees Are “Consumers” After All – Employee PI is Still In Play
Employers, you are not out of the CCPA woods yet.
If you have been tracking the proposed amendments to the California Consumer Privacy Act (CCPA), you know that businesses and stakeholders have been clamoring to shape the new sweeping law in a number of ways. We reported earlier this year on some of the potential…
Privacy and Cybersecurity Issues to Watch in 2019
Privacy and cybersecurity risks continue to emerge for organizations large and small. While by no means exhaustive, we briefly discuss some key issues that organizations may need to focus on in 2019 and beyond.
Business Email Compromise (BEC)/Email Account Compromise (EAC) – BEC and EAC attacks are widespread and show no sign of slowing in…
No Statutory Damages Under SCA Without Actual Damages
The U.S. Court of Appeals for the Eleventh Circuit has ruled that statutory damages under the Stored Communications Act (SCA) are not available in a case where the plaintiff did not incur any actual damages.
The case, Vista Marketing LLC v. Burkett, originated from an extremely contentious divorce proceeding. While the majority of the allegations…
The Status of the EU-U.S. Privacy Shield
As we previously reported, the EU and U.S. reached agreement last week on the EU-U.S. Privacy Shield to replace the invalidated EU-U.S. Safe Harbor Program for transatlantic data transfers. While the announcement of the Privacy Shield is a relief to the thousands of companies who relied on the Safe Harbor Program, details remain unclear.…
Top 10 for 2016 – Happy Data Privacy Day
In honor of Data Privacy Day, we provide the following “Top 10 for 2016.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2016.
- EU/U.S. Data Transfer (status of Safe Harbor). On October 6, 2015, the Court of Justice of the European Union (CJEU) ruled
…
Prohibiting Recording Devices – The Dreaded “Maybe”
Can we prohibit employees from making audio recordings at work? As advancements in technology continue to increase, and it becomes easier and easier for employees to surreptitiously record conversations, this inquiry is posed by many employers. In fact, we discussed this very question back in 2013. Unfortunately, the answer to this question is perhaps the…
Wisconsin – Criminal Penalties for Improper GPS Use
As of July 2, 2015, Wisconsin law makes it a Class A misdemeanor for any individual to place a GPS device on another individual’s vehicle without the consent of the vehicle’s owner. Based on comments from the bill’s sponsors, it appears as though the goal of the new law is to protect potential victims or
…
Healthcare Providers and Business Associates: Don’t Ignore the Insider Threats
News reports of security risks, hackings and breaches caused by individuals, terror groups or even countries around the world certainly are important and can be unsettling. But, for many organizations, including healthcare providers and business associates, a significant and perhaps more immediate area of data risk rests with an organization’s workforce members. An organization’s information…