For the second year in a row, the Washington legislature failed to pass an ambitious consumer privacy protection bill into law.
As people across the world react to the rapid spread of COVID-19, a new threat is emerging; individuals and employers face a risk from hackers trying to take advantage of the demand for information. Hackers have begun using fake government reports, health fact sheets, and tracking maps to deliver malware and harvest personal or sensitive data from people seeking out information on the coronavirus.
California’s all-inclusive privacy law, the California Consumer Privacy Act (CCPA), which took effect on January 1, 2020, has already been cited in numerous lawsuits. Over this next year, employers are likely to see lawsuits testing the waters of the new statute. For now, the first wave of CCPA lawsuits raise several unsettled questions and serve as an important reminder to implement procedures to bring your business in compliance.
While the federal government continues to work on a national program of consumer privacy safeguards, Washington is on the brink of joining California in a West Coast wave of consumer privacy legislation. In January 2020, a bipartisan group of Washington legislators presented new legislation for a privacy act that looks to surpass the recent California Consumer Privacy Act (“CCPA”) as the most protective consumer privacy act in the country.
On February 10, 2020, the Attorney General issued revisions to the proposed regulations to the California Consumer Privacy Act (the CCPA) which were originally published in October of last year. While the Attorney General cannot bring an enforcement action until July 1, 2020, these revisions indicate that the office is gearing up to start bringing CCPA enforcement actions in July. Further, while employers won a brief reprieve for their employee and applicant personal information due to an amendment to the CCPA, it is important to remember that this reprieve only lasts until January 1, 2021. As the law currently stands, employers have only had to comply with a small portion of the CCPA for their employees and job applicants.
The government just sent a stern reminder to all employers, especially those involved in providing healthcare, that they must still comply with the protections contained in the HIPAA Privacy Rule during the Coronavirus outbreak. The Office for Civil Rights of the U.S. Department of Health and Human Services (HHS) issued a reminder this month after the World Health Organization declared a global health emergency. In fact, the Rule includes provisions that are directly applicable to the current circumstances.
Many small or solo franchisees, subsidiaries, and affiliates of larger businesses may think the California Consumer Privacy Act (CCPA), does not apply to your separate business entity because it does not meet one of the three threshold criteria for CCPA coverage: (1) your annual revenue is under $25 million; (2) you do not annually collect the personal information of 50,000 or more California residents, households or devices; and (3) you are not in the business of selling information. But upon closer inspection, you may be disappointed to learn that California’s groundbreaking new privacy law, which became effective January 1, 2020, may yet still apply to you based on a potentially broad "control" test.
Illinois has introduced new workplace privacy legislation governing the use of artificial intelligence during the job interview process. The state legislature unanimously passed the Artificial Intelligence Video Interview Act (“the AIVI Act”), HB2557, which imposes consent, transparency and data destruction requirements on employers using AI technology during the job interview process. This comes at a time as many employers are beginning to take advantage of AI for hiring as recently reported by the Washington Post in its profile of the video interviewing software HireVue.
Governor Gavin Newsom just signed into law two amendments to the California Consumer Privacy Act (CCPA) that will have a direct impact on employers doing business in the state. The new amendments, signed on October 11, 2019 and taking effect on January 1, 2020, require covered businesses meeting a certain revenue threshold or other criteria to implement policies and procedures that provide consumers – which includes employees – certain privacy rights not previously available under existing law.
On July 25, 2019, New York Governor Anthony Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) into law. The Act creates additional protections for the residents of New York and their private information. It also endeavors to improve cybersecurity measures for those who possess private information about New York residents.