On May 31, 2024, Colorado enacted H.B. 24-1130, an amendment to the Colorado Privacy Act (CPA) regarding the use of biometric information (the “Biometric Amendment”). The Biometric Amendment, effective July 1, 2025, requires...more
U.S.-based multinationals with employees in the People’s Republic of China (PRC) are confronting a November 30 deadline to implement China’s new cross-border data transfer mechanism—the Standard Contract. This implementation...more
9/25/2023
/ China ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Employer Liability Issues ,
International Data Transfers ,
Multinationals ,
Personal Information Protection Law (PIPL) ,
Personally Identifiable Information ,
Popular
With the enactment of the Colorado Privacy Act on July 7, 2021, Colorado now joins Virginia in transforming the first major state privacy law, the California Consumer Privacy Act (CCPA), from an outlier into what now appears...more
Less than a year after the California Consumer Privacy Act (CCPA) went into effect, California’s electorate approved a ballot measure that will substantially expand the privacy obligations the CCPA imposes on employers. On...more
11/6/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data-Sharing ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
California’s governor may soon sign into law a one-year delay of the California Consumer Privacy Act’s (CCPA) full application to human resources data. On August 28, 2020, California’s legislature passed A.B. 1281, which...more
9/4/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
CPREA ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Exemptions ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
The Court of Justice of the European Union (“CJEU”), on July 16, 2020, invalidated the European Union-U.S. Privacy Shield Framework (“Privacy Shield”), which more than 5,300 U.S. organizations had relied on to lawfully...more
7/21/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
As mega-breaches heighten concern about the security of personal information and a federal solution does not appear forthcoming, New York recently joined the growing list of states imposing their own security obligations on...more
8/27/2019
/ Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Security ,
Hackers ,
Human Resources Professionals ,
Information Technology ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Security Standards ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes
On November 20, 2018, the Illinois Supreme Court will hear oral arguments in a case that has significant implications for Illinois employers, though it is not an employment-law case.
Originally published by the Washington...more
Since mid-September 2017, more than 50 employers that use “biometric timeclocks” in Illinois have been targeted with class action lawsuits alleging violations of the state’s Biometric Information Privacy Act (“BIPA”). A...more
1/10/2018
/ Appeals ,
Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Employment Litigation ,
Facial Recognition Technology ,
Fingerprints ,
Personal Data ,
Personally Identifiable Information ,
Popular
The announcement by Equifax, Inc. that it had been victimized in a hacking incident involving the personal information of 143 million Americans generated headlines this past week. The sheer size of the hack means that most...more
9/18/2017
/ Corporate Counsel ,
Data Breach ,
Equifax ,
EU ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Risk Mitigation ,
State Data Breach Notification Statutes ,
Vendors
Effective May 30, 2017, Japan amended its omnibus data protection law, the Personal Information Protection Act (“PIPA”), to add new compliance requirements that will have an immediate impact on many U.S. multinational...more
7/6/2017
/ Amended Legislation ,
Cybersecurity ,
Data Collection ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
International Data Transfers ,
Japan ,
Multinationals ,
Personally Identifiable Information ,
PIPA ,
Popular ,
Small Business
Recent, highly publicized data security incidents highlight the continued vulnerability of corporate information systems. Notably, employees who fall prey to sophisticated phishing e-mails and other scams often contribute to...more
5/19/2017
/ Background Checks ,
Confidentiality Agreements ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Email ,
Employee Training ,
Hackers ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
Risk Management
With new and sophisticated schemes perpetrated by hackers and scammers, and sensitive personal information becoming increasingly accessible to numerous insiders, it is only a matter of time before most employers will be...more
4/25/2017
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Employer Liability Issues ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
State Data Breach Notification Statutes ,
W-2
HR and payroll professionals nationwide have been, and will continue to be, targeted with e-mails apparently sent by a senior executive but actually sent by scammers who ask for a prompt reply with the 2016 W-2s for all of...more
3/8/2017
/ Class Action ,
Email ,
Hackers ,
Human Resources Professionals ,
Identity Theft ,
IRS ,
Payroll Records ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
Social Security Numbers ,
Tax Fraud ,
Tax Returns ,
W-2
With over 680 security breaches reported so far in 2016, more employers are being forced to confront the issue of how to respond to a breach. All states except Alabama, North Dakota and New Mexico now require notification...more
It is not a matter of "if" but "when" an employer will be required to notify employees of a security breach. Forty-seven states require employers to notify employees when defined categories of personal information, including...more
11/4/2015
/ Attorney General ,
Breach Notification Rule ,
Compliance ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Security ,
Employer Liability Issues ,
Hackers ,
Healthcare ,
Multistate Corporations ,
Personally Identifiable Information ,
Popular ,
Privacy Concerns ,
Privacy Laws ,
Reporting Requirements ,
Social Security Numbers