On May 31, 2024, Colorado enacted H.B. 24-1130, an amendment to the Colorado Privacy Act (CPA) regarding the use of biometric information (the “Biometric Amendment”). The Biometric Amendment, effective July 1, 2025, requires...more
Multinational employers operating in China have been waiting since September 2023 for the Cyberspace Administration of China (CAC) to finalize proposed revisions to its complex and burdensome rules for cross-border data...more
As employment-related artificial intelligence (“AI”) tools proliferate, multinational employers feel increasing pressure to deploy AI across their global offices. These tools can provide great value and efficiency across the...more
3/1/2024
/ Algorithms ,
Artificial Intelligence ,
Bias ,
Data Collection ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Discrimination ,
Employer Liability Issues ,
Employer Responsibilities ,
General Data Protection Regulation (GDPR) ,
Hiring & Firing ,
Innovative Technology ,
Intellectual Property Protection ,
International Data Transfers ,
Job Applicants ,
Notice Requirements ,
Personal Data ,
Popular ,
Privacy Concerns ,
Regulatory Oversight ,
Risk Management
Employers had a big win in late June 2023 when a trial court in Sacramento enjoined until March 29, 2024, enforcement of the final regulations under the California Privacy Rights Act (CPRA), the only one of 14 recently...more
2/21/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cooperative Compliance Regime ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Employer Liability Issues ,
Information Governance ,
Personal Data ,
Popular ,
Regulatory Requirements
With the governor’s signing of New Jersey’s privacy law on January 16, 2024, New Jersey became the 14th U.S. state to pass a comprehensive data protection law. This accelerating legislative trend may have employment counsel...more
Multinationals with employees in the People’s Republic of China (PRC) continue to confront a November 30 deadline to implement China’s new cross-border data transfer mechanism—the Standard Contract. This implementation...more
Following on the heels of the launch of the EU-U.S. Data Privacy Framework (DPF) this summer, the U.S. Department of Commerce has extended the DPF to cover transfers of personal data from the United Kingdom (UK) (and...more
U.S.-based multinationals with employees in the People’s Republic of China (PRC) are confronting a November 30 deadline to implement China’s new cross-border data transfer mechanism—the Standard Contract. This implementation...more
9/25/2023
/ China ,
Corporate Counsel ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Employer Liability Issues ,
International Data Transfers ,
Multinationals ,
Personal Information Protection Law (PIPL) ,
Personally Identifiable Information ,
Popular
With presidential assent granted on August 11, 2023, for India’s Digital Personal Data Protection Act, 2023 (“DPDA” or the “Act”), India joined the ranks of dozens of jurisdictions globally that have enacted comprehensive...more
As of July 17, 2023, U.S.-based multinational employers that can access the personal data of their workforce members in the European Union (EU) via a human resources information system (HRIS), or otherwise transfer the...more
7/20/2023
/ Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Data Security ,
Employer Liability Issues ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Reform ,
Regulatory Requirements ,
Schrems I & Schrems II ,
Standard Contractual Clauses
After months of uncertainty, the rulemaking process for the California Privacy Rights Act (CPRA), the first-ever comprehensive U.S. data privacy law applicable to human resources data (“HR Data”), concluded on March 29,...more
With the enactment of the Colorado Privacy Act on July 7, 2021, Colorado now joins Virginia in transforming the first major state privacy law, the California Consumer Privacy Act (CCPA), from an outlier into what now appears...more
At long last, the European Commission, on June 4, 2021, adopted new Standard Contractual Clauses (“new SCCs”) to permit lawful transfers of personal data from the European Union (EU) to third countries such as the United...more
California’s governor may soon sign into law a one-year delay of the California Consumer Privacy Act’s (CCPA) full application to human resources data. On August 28, 2020, California’s legislature passed A.B. 1281, which...more
9/4/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
CPREA ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Exemptions ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
The Court of Justice of the European Union (“CJEU”), on July 16, 2020, invalidated the European Union-U.S. Privacy Shield Framework (“Privacy Shield”), which more than 5,300 U.S. organizations had relied on to lawfully...more
7/21/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
As mega-breaches heighten concern about the security of personal information and a federal solution does not appear forthcoming, New York recently joined the growing list of states imposing their own security obligations on...more
8/27/2019
/ Cybersecurity ,
Data Breach ,
Data Management ,
Data Protection ,
Data Security ,
Hackers ,
Human Resources Professionals ,
Information Technology ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Security Standards ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes
Effective May 30, 2017, Japan amended its omnibus data protection law, the Personal Information Protection Act (“PIPA”), to add new compliance requirements that will have an immediate impact on many U.S. multinational...more
7/6/2017
/ Amended Legislation ,
Cybersecurity ,
Data Collection ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
International Data Transfers ,
Japan ,
Multinationals ,
Personally Identifiable Information ,
PIPA ,
Popular ,
Small Business
Recent, highly publicized data security incidents highlight the continued vulnerability of corporate information systems. Notably, employees who fall prey to sophisticated phishing e-mails and other scams often contribute to...more
5/19/2017
/ Background Checks ,
Confidentiality Agreements ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Email ,
Employee Training ,
Hackers ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
Risk Management
With new and sophisticated schemes perpetrated by hackers and scammers, and sensitive personal information becoming increasingly accessible to numerous insiders, it is only a matter of time before most employers will be...more
4/25/2017
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Employer Liability Issues ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
State Data Breach Notification Statutes ,
W-2
In response to the February 2, 2016, announcement by the European Commission (the "Commission") and the U.S. Commerce Department of a new framework, called the "Privacy Shield," to replace the invalidated U.S.-European Union...more
In a long-awaited and much-anticipated announcement, the U.S. Department of Commerce and the European Commission (the “Commission”) declared on February 2, 2016, that they had struck a deal on a new cross-border data transfer...more
In a landmark decision that will dramatically affect thousands of U.S. companies that transfer personal data from the European Union ("EU") to the United States, the European Union Court of Justice ("ECJ") yesterday...more
10/7/2015
/ Cybersecurity ,
Data Protection ,
Data Security ,
Data Transfers ,
Enforcement Guidance ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
Multinationals ,
National Security Agency (NSA) ,
Personal Data ,
Popular ,
PRISM Program ,
Safe Harbors ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The world of Big Data has arrived, and it is beginning to affect employers and their decision-making in ways undreamed of even a few years ago. Employers can access more information about their applicant pool than ever...more
8/5/2015
/ Americans with Disabilities Act (ADA) ,
Big Data ,
Class Action ,
Compliance ,
Data Protection ,
Data Security ,
Equal Employment Opportunity Commission (EEOC) ,
Fair Credit Reporting Act (FCRA) ,
Hiring & Firing ,
OFCCP ,
Popular ,
Privacy Policy ,
Workplace Safety
With the advent of new rules regulating the protection of personal data, companies with operations in Colombia must implement policies and practices to comply with Colombia’s privacy law. In October 2012, Colombia enacted...more
Con la promulgación de nuevas regulaciones sobre la protección de datos personales, las empresas que operan en Colombia deben acogerse a estas políticas e implementarlas en sus empresas, para acatar la ley de privacidad...more