Privacy and cybersecurity risks continue to emerge for organizations large and small. While by no means exhaustive, we briefly discuss some key issues that organizations may need to focus on in 2019 and beyond. Business Email Compromise (BEC)/Email Account Compromise (EAC) – BEC and EAC attacks are widespread and show no sign of slowing in the … Continue Reading
On April 17th, the National Institute of Standards and Technology (“NIST”), a component of the U.S. Commerce Department, released Version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity (“Cybersecurity Framework Version 1.1”), which incorporates feedback from NIST-led workshops, public comments, and questions received by NIST team members over the last two years. The Cybersecurity … Continue Reading
The United State Supreme Court recently denied certiorari in Nosal v. United States, 16-1344, declining to weigh in on the scope of unauthorized access under the Computer Fraud and Abuse Act (“CFAA”). The Ninth Circuit held in Nosal that David Nosal violated the CFAA by using his past assistant’s password to access his former employer’s … Continue Reading
With the proliferation of satellite navigation systems and smart phones, many employers have contemplated using GPS tracking to increase efficiency, and frankly, to keep a better eye on their employees during the work day. The use of GPS tracking in a vehicle can be lawful, there are some limitations to keep in mind. First, you … Continue Reading
Many companies have experienced the departure of an employee and the elimination of that former employees access to the company’s computers and networks. In the recent case of USA v. Nosal, D.C. No. 3:08-cr-00237-EMC-1 (July 5, 2016), the Ninth Circuit Court of Appeals was presented with the following facts: Nosal, a former employee of Korn/Ferry … Continue Reading
Last month, the European Union and U.S. officials announced final approval of the EU-U.S. Privacy Shield (Privacy Shield), replacing the Safe Harbor which was invalidated by the Court of Justice of the European Union in October 2015. Like it predecessor, the Privacy Shield will allow organizations based in the United States to self-certify compliance with the Privacy … Continue Reading
Earlier today the European Union and U.S. officials announced the final approval of the EU-U.S. Privacy Shield data transfer agreement (“the Privacy Shield”). Beginning August 1, 2016, organizations based in the U.S. will be able to self-certify their compliance with the Privacy Shield. The Privacy Shield is meant to replace the EU-U.S. Safe Harbour agreement … Continue Reading
Beginning January 1, 2017, employees in Colorado will now have a right to inspect and copy their personnel files. Prior to this law, Colorado had no law granting private-sector employees access to their personnel records. Under the new law, upon a current employee’s request, an employer must allow that employee to inspect and obtain a copy … Continue Reading
Last month, Illinois Governor Bruce Rauner signed into law a number of amendments to the State’s Personal Information Protection Act (“PIPA”) that expand the definition of protected personal information and increase certain data breach notification requirements. The amendments, highlighted below, take effect January 1, 2017. Currently, “personal information” is limited to an individual’s first name … Continue Reading
In the face of seemingly daily news reports of company data breaches and the mounting legislative concern and efforts on both the state and federal level to enact laws safeguarding personal information maintained by companies, employers should be questioning whether they should implement privacy policies to address the protection of personal information they maintain on … Continue Reading
As we previously reported, the EU and U.S. reached agreement last week on the EU-U.S. Privacy Shield to replace the invalidated EU-U.S. Safe Harbor Program for transatlantic data transfers. While the announcement of the Privacy Shield is a relief to the thousands of companies who relied on the Safe Harbor Program, details remain unclear. What … Continue Reading
In honor of Data Privacy Day, we provide the following “Top 10 for 2016.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2016. EU/U.S. Data Transfer (status of Safe Harbor). On October 6, 2015, the Court of Justice of the European Union (CJEU) ruled … Continue Reading
Can we prohibit employees from making audio recordings at work? As advancements in technology continue to increase, and it becomes easier and easier for employees to surreptitiously record conversations, this inquiry is posed by many employers. In fact, we discussed this very question back in 2013. Unfortunately, the answer to this question is perhaps the most … Continue Reading
On March 25, 2015, the United States House of Representative, Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade approved draft legislation which would replace state data breach notification laws with a national standard. This draft legislation comes on the heels of the President’s call for a national data breach notification law. The proposed legislation is … Continue Reading
In honor of National Data Privacy Day, we provide the following “Top 15 for 2015.” While the list is by no means exhaustive, it does provide some hot topics for businesses to consider in 2015. Inside Threats for Healthcare Providers and Business Associates. While news reports of security risks often focus on hackings and breaches … Continue Reading
The New Jersey Assembly on December 15 unanimously approved, by a vote of 75-0, a bill designed to better protect consumers from identify theft. Bill A3146, if approved by the Senate, would expand the state’s law to include disclosure of a breach of security of online accounts. Per the Identity Theft Resource Center, between 2005 … Continue Reading
On January 1, 2015, Delaware employers who dispose of records which contain the unencrypted personal identifying information of employees must take steps to ensure the privacy of such information. The bill, H.B. 294, was recently signed by Delaware’s Governor Jack Markell. The new law defines personal identifying information as an employee’s first name or first initial … Continue Reading
With the proliferation of wage and hour litigation, especially in Florida which has the highest number of Fair Labor Standards Act (“FLSA”) cases filed annually nationwide, employers have sought for better ways to track employee work time in anticipation of defending against unpaid overtime claims. Additionally, employers have used monitoring devices in hopes of increasing … Continue Reading
The New York Department of Financial Services recently published proposed regulations which would require virtual currency businesses operating in New York State to safeguard data and protect customer privacy. Notably, the proposed regulations include requirements for virtual currency business to maintain cyber security programs and business continuity and disaster recovery plans. Virtual currencies under the regulations … Continue Reading
As we previously reported, the Florida legislature was considering joining numerous other states which have banned employers from requesting or requiring access to current or prospective employees’ social media accounts. Senate Bill SB198, which was entitled “An Act Relating to Social Media Privacy,” has died in committee. As such, Florida will not be joining the … Continue Reading
A New Jersey Appellate Court recently ruled that an employee who removes or copies her employer’s documents for use in her whistleblower or discrimination case may be prosecuted criminally for stealing. In State v. Saavedra, the employee had taken highly confidential original documents owned by her employer, contending that she did so to support her employment … Continue Reading
In honor of National Data Privacy Day, we provide the following “Top 14 for 2014.” While the list is by no means exhaustive, it does provide critical areas businesses will need to consider in 2014. Location Based Tracking. As the utilization of GPS enable devices becomes more and more prevalent, employers are often faced with … Continue Reading
Massachusetts Senator Elizabeth Warren recently introduced legislation which would ban employers from conducting credit checks of prospective employees during the hiring process. Known as the Equal Employment for All Act, the measure would amend the Fair Credit Reporting Act to prohibit employers from using consumer credit reports to make employment decisions. Notably, the Act would permit exceptions … Continue Reading
In a recent consent order, the New Jersey Division of Consumer Affairs settled an investigation involving Dokogeo, Inc., a California based mobile application developer. Under the Children’s Online Privacy Protection Act (“COPPA”) websites and online services which collect information from children younger than 13 are subject to certain parental notice and consent requirements. In the Dokogeo … Continue Reading
