In 2018, the California legislature enacted the California Consumer Privacy Act (“CCPA”), which went into effect on January 1, 2020 but was amended six times before it even took effect. Concerned that amendments have weakened the CCPA and that consumers still do not understand how their personal information is being used by businesses, proponents of the CCPA have proposed a ballot initiative for the November 2020 ballot titled the California Privacy Rights Act of 2020 (“CPRA”)—colloquially known as CCPA 2.0.
Over the years, Fisher Phillips has covered the proliferation of blockchain technology extensively. From streamlining the hiring process to its ability to enforce workplace policies, the benefits are numerous. This is particularly true for employers grappling with how to securely store employee health information in a post-pandemic workplace (more on that in a minute). If you have no idea what I’m talking about, or kind of know what I’m talking about, but still don’t quite “get it,” let’s begin by answering that initial question: what is blockchain?
For the second year in a row, the Washington legislature failed to pass an ambitious consumer privacy protection bill into law.
As people across the world react to the rapid spread of COVID-19, a new threat is emerging; individuals and employers face a risk from hackers trying to take advantage of the demand for information. Hackers have begun using fake government reports, health fact sheets, and tracking maps to deliver malware and harvest personal or sensitive data from people seeking out information on the coronavirus.
California’s all-inclusive privacy law, the California Consumer Privacy Act (CCPA), which took effect on January 1, 2020, has already been cited in numerous lawsuits. Over this next year, employers are likely to see lawsuits testing the waters of the new statute. For now, the first wave of CCPA lawsuits raise several unsettled questions and serve as an important reminder to implement procedures to bring your business in compliance.
While the federal government continues to work on a national program of consumer privacy safeguards, Washington is on the brink of joining California in a West Coast wave of consumer privacy legislation. In January 2020, a bipartisan group of Washington legislators presented new legislation for a privacy act that looks to surpass the recent California Consumer Privacy Act (“CCPA”) as the most protective consumer privacy act in the country.
On February 10, 2020, the Attorney General issued revisions to the proposed regulations to the California Consumer Privacy Act (the CCPA) which were originally published in October of last year. While the Attorney General cannot bring an enforcement action until July 1, 2020, these revisions indicate that the office is gearing up to start bringing CCPA enforcement actions in July. Further, while employers won a brief reprieve for their employee and applicant personal information due to an amendment to the CCPA, it is important to remember that this reprieve only lasts until January 1, 2021. As the law currently stands, employers have only had to comply with a small portion of the CCPA for their employees and job applicants.
The government just sent a stern reminder to all employers, especially those involved in providing healthcare, that they must still comply with the protections contained in the HIPAA Privacy Rule during the Coronavirus outbreak. The Office for Civil Rights of the U.S. Department of Health and Human Services (HHS) issued a reminder this month after the World Health Organization declared a global health emergency. In fact, the Rule includes provisions that are directly applicable to the current circumstances.
Many small or solo franchisees, subsidiaries, and affiliates of larger businesses may think the California Consumer Privacy Act (CCPA), does not apply to your separate business entity because it does not meet one of the three threshold criteria for CCPA coverage: (1) your annual revenue is under $25 million; (2) you do not annually collect the personal information of 50,000 or more California residents, households or devices; and (3) you are not in the business of selling information. But upon closer inspection, you may be disappointed to learn that California’s groundbreaking new privacy law, which became effective January 1, 2020, may yet still apply to you based on a potentially broad "control" test.
Illinois has introduced new workplace privacy legislation governing the use of artificial intelligence during the job interview process. The state legislature unanimously passed the Artificial Intelligence Video Interview Act (“the AIVI Act”), HB2557, which imposes consent, transparency and data destruction requirements on employers using AI technology during the job interview process. This comes at a time as many employers are beginning to take advantage of AI for hiring as recently reported by the Washington Post in its profile of the video interviewing software HireVue.