Employment Privacy Blog

News, commentary, and legal updates from attorneys in the Data Security and Workplace Privacy Practice Group at Fisher Phillips.

New York Expands The Data Breach Umbrella: More Cybersecurity Incidents Will Require Breach Compliance From Businesses Who Possess Private Information For New York Residents On July 25, 2019, New York Governor Anthony Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) into law.  The Act creates additional protections for the residents of New York and their private information.  It also endeavors to improve cybersecurity measures for those who possess private information…
Have You Thought About Encrypting Your Company’s Data, And Its Communications? Perhaps You Should Alright. So, you’ve battened down the hatches of your company’s premises, to protect your employees and your information. Employees are required to create secret computer passwords they’re not to share with anyone, even colleagues. Your policy requires changing passwords every 45 days. You’ve installed security guards at the front desk, distributed security badges to limit access to your premises, conducted background…
Thanks to recent negotiations among state lawmakers, it appears that California employers may get a temporary reprieve on some of the more sweeping data privacy requirements that were set to take effect in just a few short months. However, the pending legislation that would provide the delay would not exempt employers from significant disclosure requirements that also comprise the California Consumer Privacy Act (CCPA) – meaning you should still be in the process of preparing…
Early last year, I posted about tougher, bi-partisan privacy and data security legislation in the works in North Carolina. North Carolina State Representative Jason Saine (R), Senior Appropriations Chair, teamed-up with North Carolina Attorney General Josh Stein (D) and issued a fact sheet outlining what the new legislation would include.  Finally, on April 16, 2019, Representative Saine (R), Senior Appropriations Chairman, House Deputy Majority Leader Brenden Jones (R), and House Deputy Democratic Leader Robert Reives,…
An amendment to New Jersey’s data breach notification requirements of the Consumer Fraud Act is currently awaiting signature by State Governor Phil Murphy.  The bill, Assembly No. 3245, was recently passed by both the New Jersey Senate and Assembly.  If signed into law as expected, the amendment will expand the definition of personal information to include “user name, email address, or any other account holder identifying information, in combination with any password or security question…
By now, we are all too familiar with the issues and pitfalls associated with cybersecurity breaches in a multitude of industries. Consider Equifax, Home Depot, Yahoo or Target, to name a few. Those well-publicized incidents overwhelmingly concerned customer and/or consumer privacy invasions, but touched barely, if at all, on whether those breaches compromised employees’ private information, or whether those companies should have done more to protect not only their customers’ information, but their employees’ as…
Illinois Supreme Court Ruling: Biometric Privacy Law Only Requires Violation, Not Actual Harm Summary On January 25, 2019, the Illinois State Supreme Court ruled that the state’s Biometric Information Privacy Act (BIPA) only requires individuals to show violation of the law to bring suit. Businesses with a presence in Illinois that gather “biometric identifiers”, which include a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry, are now at a greater…
Don’t Take the Bait!  “Spear Phishing” and “Whaling” Take Scams to the Next Level For several years now, we’ve been alerting employers about the dangers of phishing scams that attempt to obtain private and personal information from employers.  See some of our previous posts here, here here, and here.  Many of these scams rear their ugly head around tax season, with attacks targeting human resources staff and payroll personnel in particular. However,…
While parts of the Government continue to be shut down over concerns about people crossing the border from Mexico into the United States, the cyber borders are at risk. Many government websites are not being monitored or maintained for security. Several websites have been rendered unsecured or inaccessible during the shutdown. For example, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) put approximately 1,500 non-critical employees on furlough, or about 43 percent…
Data Breach Liability for Pennsylvania Employers Expands – Pennsylvania Supreme Court Holds that Employers Have a Duty of Care to Protect and Secure Employee Data Data breach liability for Pennsylvania employers of all sizes expanded with a recent Pennsylvania Supreme Court decision in Dittman v. UPMC.  __ A.3d __, No. 43 WAP 2017, 2018 WL 6072199 (Pa. 2018).  The Pennsylvania Supreme Court has reformed two legal principles that have protected employers against liability when they…