Notice

Class Certification Granted – California Website Tracking Lawsuit Reminds Businesses about Notice Risks

By Jason C. Gavejian, Shannon Bettis Nakabayashi & Leo P. Norton on February 6, 2025

A California federal district court recently granted class certification in a lawsuit against a financial services company. The case involves allegations that the company’s website used third-party technology to track users’ activities without their consent, violating the California Invasion of Privacy Act (CIPA). Specifically, the plaintiffs allege that the company along with its third-party…

Privacy Blizzard Expected in January as Five State Laws Take Effect

By Joseph J. Lazzarotti on December 20, 2024

Posted in Consumer Privacy

Around the country, the weather is turning wintery, but in the privacy arena, there will be a blizzard as five state comprehensive privacy laws become effective.

Here is an overview of businesses needing to prepare.

1. Delaware Personal Data Privacy Act (DPDPA)

The DPDPA takes effect on January 1, 2025. It applies to entities doing…

Why Retirement Plan Sponsors and Fiduciaries Need to Know about the SEC Cybersecurity Amendments

By Joseph J. Lazzarotti on May 29, 2024

Posted in Data Security

In 2021, the Department of Labor (DOL) issued cybersecurity guidance for ERISA-covered retirement plans. The guidance expands the duties retirement plan fiduciaries have when selecting service providers. Specifically, the DOL makes clear that when selecting retirement plan service providers, plan fiduciaries must prudently assess the cybersecurity of those providers.

On May 15, 2024…

Employee Monitoring: New York Establishes New Requirements for Employers

By Joseph J. Lazzarotti, Jason C. Gavejian, Damon W. Silver, Mary T. Costigan & Maya Atrakchi on November 19, 2021

Posted in Uncategorized

Earlier this month, New York Governor Kathy Hochul signed into a law a bill that will require New York private sector employers to provide written notice to employees before engaging in electronic monitoring of their activities in the workplace. Civil Rights (CVR) Chapter 6, Article 5, Section 52-C*2 will take effect six months after enactment,…

Virginia Responds to W-2 Phishing Scams with First of Its Kind Notification Requirement

By Jason C. Gavejian on April 4, 2017

Posted in Data Security, Identity Theft

As previously highlighted, in early February, the IRS issued a warning to all employers regarding the resurgence of a W-2 based cyber scam. Since the IRS warning, this type of scam has taken numerous victims. On February 15, 2017, Virginia Wesleyan College released a notice stating that the 2016 W-2 tax form information of…

European Commission Unveils EU-U.S. Privacy Shield (Update)

By Jason C. Gavejian on February 29, 2016

Posted in Consumer Privacy, Data Security, Information Management, Information Risk, International, Monitoring, Online Privacy, Workplace Privacy

Earlier today, the European Commission (the Commission) issued a draft “adequacy decision” as well as the texts that will constitute the EU-U.S. Privacy Shield (the Privacy Shield). This includes the Privacy Shield Principles companies have to abide by, as well as written commitments by the U.S. Government on the enforcement of the arrangement,…

Workplace Privacy, Data Management & Security Report