Workplace Privacy, Data Management & Security Report

National Biometric Information Privacy Act, Proposed by Sens. Jeff Merkley and Bernie Sanders

August 5, 2020

Whether it is facial recognition technology being used in connection with COVID-19 screening tools and in law enforcement, continued use of fingerprint-based time management systems, or the use of various biometric identifiers for physical security and access management, applications involving biometric identifiers and information in the public and private sectors continue to grow. Concerns about the privacy and security of that information continue to grow as well. Several states have laws protecting biometric information in…

Workplace Privacy, Data Management & Security Report

Will the Public Health Emergency Privacy Act Make it into the Next Stimulus Package?

By Joseph J. Lazzarotti & Maya Atrakchi

August 3, 2020

Despite several attempts, Congress has struggled to push forward a federal consumer privacy law over the past few years. But the COVID-19 pandemic, which has raised concerns regarding location monitoring, GPS tracking and use of health data, has heightened the urgency for federal consumer privacy legislation. In May, a group of Democrats from the U.S. Senate and House of Representatives introduced the Public Health Emergency Privacy Act (“the Act”), aimed to protect health information during…

Workplace Privacy, Data Management & Security Report

Transferring Employee Data after EU-U.S. Privacy Shield Invalidated

By Joseph J. Lazzarotti & Mary T. Costigan

July 28, 2020

Businesses are now prohibited from transferring employee personal data from the European Economic Area (EEA) to the U.S. under the EU-U.S. Privacy Shield program. The Court of Justice of the European Union (CJEU) declared the EU-U.S. Privacy Shield invalid in Data Protection Commissioner v. Facebook Ireland and Schrems (C-311/18) (Schrems II), effective immediately. Businesses that relied on the EU-U.S. Privacy Shield as an adequate transfer mechanism can no longer perform routine activities such as sending…

Workplace Privacy, Data Management & Security Report

OCR Warns HIPAA Covered Entities: When You Learn About HIPAA Violations, Fix Them

By Joseph J. Lazzarotti

July 24, 2020

Roger Severino, Director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), provides advice for HIPAA covered health care providers: When informed of potential HIPAA violations, providers owe it to their patients to quickly address problem areas to safeguard individuals’ health information According to OCR allegations, a small health care provider in North Carolina, Metropolitan Community Health Services, reported a data breach on June 9, 2011.…

Workplace Privacy, Data Management & Security Report

EU-U.S. Privacy Shield Program for Transfer of Personal Data to U.S. Found Invalid

By Joseph J. Lazzarotti & Mary T. Costigan

July 22, 2020

On July 16, 2020, the Court of Justice of the European Union (CJEU) published its decision in the matter of Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (“Schrems II”). The matter, arising from the transfer of Schrems’ personal data by Facebook Ireland to Facebook Inc. in the United States, presented questions concerning the transfer of personal data from the EEA to a third country without an adequacy determination. The decision declares the EU-US…

Workplace Privacy, Data Management & Security Report

Supreme Court Will Take on The TCPA Again

By Jason C. Gavejian & Maya Atrakchi

July 21, 2020

Back in October of 2019, the U.S. Supreme Court was petitioned to review a Ninth Circuit ruling regarding the Telephone Consumer Privacy Act (“TCPA”) on the following issues: 1) whether the TCPA’s prohibition on calls made by an automatic telephone dialing system (“ATDS”) is an unconstitutional restriction of speech, and if so whether the proper remedy is to broaden the prohibition to abridge more speech, and 2) whether the definition of ATDS in the TCPA…

Workplace Privacy, Data Management & Security Report

Supreme Court Weighs in on TCPA Constitutionality

By Jason C. Gavejian & Maya Atrakchi

July 17, 2020

In a much-anticipated Supreme Court decision, Barr v. American Association of Political Consultants, sure to impact the future of the Telephone Consumer Protection Act (“TCPA”), the Court addressed the issue of whether the government-debt exception to the TCPA’s automated-call restriction violates the First Amendment, and whether the proper remedy for any constitutional violation is to sever the exception from the remainder of the statute. The Supreme Court concluded that Congress impermissibly favored government-debt collection…

Workplace Privacy, Data Management & Security Report

California Attorney General Issues CCPA FAQs

By Joseph J. Lazzarotti

July 14, 2020

With the California Consumer Privacy Act (CCPA) now in effect (January 1, 2020) and enforceable by California’s Attorney General (“AG”) (July 1, 2020), the AG has published Frequently Asked Questions (FAQs). Designed to aid consumers in exercising their rights under the CCPA, the FAQs also contain helpful reminders for businesses and service providers regarding their obligations under the law. The FAQs cover several main topics for consumers: general information, “Do Not Sell” requests, “Right to…

Workplace Privacy, Data Management & Security Report

Is Personal Information of Retirement Plan Participants an ERISA Plan Asset?

By Joseph J. Lazzarotti

July 9, 2020

A little more than one year ago, we reported on a settlement (Cassell et al. v. Vanderbilt University, et al.) involving the alleged wrongful use of personal information belonging to retirement plan participants, claimed to be “plan assets.” This year, similar claims have been made against Shell Oil Company in connection with its 401(k) plan. Retirement plan sponsors may begin seeing more of these claims and they might consider some strategies to head them off.…

Workplace Privacy, Data Management & Security Report

North Dakota Implements A New Student Privacy Law

By Delonie A. Plummer

July 9, 2020

North Dakota’s State Board of Higher Education recently implemented the Student Data Privacy and Security Bill of Rights (the “Policy”). The Policy, which went into effect on May 29, 2020, was created by the North Dakota Student Association to facilitate students’ access to their Personally Identifiable Information (“PII”), and to regulate the North Dakota University System and its institutions’ collection and use of PII. Key Provisions Under The Policy The Policy outlines students’ right to…

Workplace Privacy, Data Management & Security Report

Blog Authors

National Biometric Information Privacy Act, Proposed by Sens. Jeff Merkley and Bernie Sanders

Will the Public Health Emergency Privacy Act Make it into the Next Stimulus Package?

Transferring Employee Data after EU-U.S. Privacy Shield Invalidated

OCR Warns HIPAA Covered Entities: When You Learn About HIPAA Violations, Fix Them

EU-U.S. Privacy Shield Program for Transfer of Personal Data to U.S. Found Invalid

Supreme Court Will Take on The TCPA Again

Supreme Court Weighs in on TCPA Constitutionality

California Attorney General Issues CCPA FAQs

Is Personal Information of Retirement Plan Participants an ERISA Plan Asset?

North Dakota Implements A New Student Privacy Law

Stay Connected

Company

Products

Support

New to the Network

Blog Authors

Latest from Workplace Privacy, Data Management & Security Report