NLRB Approves Workplace Social Media Policy Limiting Employees’ Online Communications
Latest from Workplace Privacy, Data Management & Security Report
CDC Expands Guidance on Workplace SARS-CoV-2 Testing to Require Informed Consent
As employers continue to grapple with a safe return to the workplace, on January 21, the U.S. Center for Disease Control and Prevention (CDC) issued new guidance for businesses and employers on SARS-CoV-2 testing of employees, as part of a more comprehensive approach to reducing transmission of the virus in non-healthcare workplaces. While the CDC had already released some guidance on the matter of workplace testing (last updated in October), the CDC’s more recent guidance…
ACC Launches Data Steward Program: An Approach to Assessing Law Firm Data Security
On December 8th, the Association of Corporate Counsel (ACC), which represents over 45,000 in-house counsel across 85 countries, announced the launch of its Data Steward Program (DSP) to help organizations and their law firms assess and share information about information security relating to client data. The DSP is two years in the making, collecting input from attorneys, cybersecurity and privacy experts and litigation support experts from corporations, law firms, vendors and government. The DSP, a…
CCPA at the One-Year Mark
The CCPA has reached the one-year mark. This is a good time for businesses to review the success of their compliance programs and recalibrate for the CCPA’s second year. Here are a few suggestions to kick off that review:
Privacy Policies. The CCPA requires a business to update the information in its privacy policy or any California-specific description of consumers’ privacy rights at least once every twelve months. If a business has not already done…
Want to Know if Your Employees Received the COVID-19 Vaccine? Some Best Practices to Consider
New York Could Become the Next Hotbed of Class Action Litigation Over Biometric Privacy
Dubbed the “Biometric Privacy Act,” New York Assembly Bill 27 (“BPA”) is virtually identical to the Biometric Information Privacy Act in Illinois, 740 ILCS 14 et seq. (BIPA). Enacted in 2008, BIPA only recently triggered thousands of class actions in Illinois. If the BPA is enacted in New York, it likely will not take as long for litigation to begin under the new privacy law. Interestingly, late last year, Governor Cuomo signed AB A6787D which,…
OCR Releases Report Summarizing HIPAA Privacy and Security Compliance Failures
In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Service (HHS) released a HIPAA Audits Industry Report (“the Report”), that could be quite helpful to covered entities and business associates for tackling HIPAA compliance as we enter the new year. The Report examines OCR’s findings from HIPAA audits the agency conducted during 2016-2017 of 166 healthcare providers and 41 business associates. The audits were intended to…
CPRA Series: The Importance of Data Retention Schedules and Records Management Policies
Record retention and records management policies are key elements for a company’s data protection program. Numerous recently enacted, or amended, data protection laws adopt data retention or storage limitation principles to safeguard personal information. Companies that do not have clearly defined record retention practices should take notice. Companies with existing practices should review those practices to ensure they comply with applicable legislation and their information security program.
The recently passed California Privacy Rights Act of…
FTC Settles Claims Financial Institution Failed to Oversee Its Vendor’s Data Security Practices
Assessing the privacy and cybersecurity practices of third-party service providers is critical not only for employee personal information, but also for confidential and personal information pertaining to an organization’s business and its clients, customers, patients, students, etc. The Federal Trade Commission (FTC) announced a settlement on December 15 with a financial institution that it claimed failed to oversee the data security practices of one of its third-party service providers as required under the Gramm-Leach…
IoT Devices to See New Security Guidelines in 2021
Setting up that new IoT device you received for Christmas? Maybe you’ve been derelict in feeding the dog and found a smart dog feeder under the tree, one that will alert you that Luna has been fed or that you have to refill the feeder. Smart gizmos are not just for the home, approximately 25% of businesses use Internet of Things (IoT) technology, a figure only expected to grow substantially. With that growth will…