This is the first post in a three-part series.
May 25, 2018. If you are a company that comes into contact with European data, whether you are operating in Europe or elsewhere, and you have not taken note of this date yet, you should. That is when Europe’s new data protection framework – the General Data Protection Regulation (GDPR) – will enter into force, replacing Data Protection Directive 95/46/EC (the “Directive”).
Following this summer’s vote to leave the European Union, the wider implications of Britain’s decision to break from the EU continue to be felt as governments, businesses, and private citizens look to forthcoming negotiations. Unfortunately, it appears that definitive answers to the questions raised by the vote may not be forthcoming for some time following Theresa May’s October 2 announcement that she plans to trigger Article 50, setting in motion negotiations regarding Britain’s departure, by March 2017. One area up for consideration will likely be the issue of data privacy and whether the UK will create its own privacy rules or follow the lead of the EU in implementing the General Data Privacy Regulation (GDPR). Generally speaking, this law, slated to take effect in May of 2018, will limit the amount and type of data on EU citizens which may be gathered and shared. Interestingly, however, May’s announcement comes just days after the newly appointed head of the Information Commissioner’s Office (ICO), Elizabeth Denham, stated that Britain should follow the GDPR regime. During an interview with the BBC, Denham made her sentiments clear, stating “I don’t think Brexit should mean Brexit when it comes to standards of data protection…In order for British businesses to share information and provide services for EU consumers, the law has to be equivalent.”
Last Friday, Snapchat (which recently changed its name to Snap, Inc.) announced the coming release of its newest product: “Spectacles” - brightly colored, fun-looking sunglasses with a built-in camera that records videos in 10-second increments (which can be combined to form a video of up to 30 seconds in length) with the touch of a button. The videos can be stored in the sunglasses until a later time or uploaded to the user’s phone for immediate sharing with friends. The glasses are expected to retail for $130, which is only about one-tenth the price of the virtually defunct Google Glass, making Spectacles a product likely to be much more accessible to the average employee. Why does this matter to employers? Because it’s the latest challenge to companies striving to implement more secure data protection and privacy protocols in the workplace.
UK Data Protection Rules remain despite Brexit vote
The Equal Employment Opportunity Commission recently issued final regulations regarding employer wellness programs under GINA and the ADA.
On May 4, 2016, the White House released a report entitled “Big Data: A Report on Algorithmic Systems, Opportunity, and Civil Rights” to herald its focus on discrimination in “big data” assisted personnel screening algorithms. While the statement was too vague to inform the public of any new enforcement policy or the degree of sophistication with which such a policy might be enforced or even what institution will bear the burden of remedying the perceived issues, it is clear that the intended scope is expansive.
In February 2016, President Barack Obama directed his Administration to implement a Cybersecurity National Action Plan (CNAP) that “takes near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.” (Fact Sheet: Cybersecurity National Action Plan, 2/9/2016) As part of that plan, the President highlighted the STOP. THINK. CONNECT. campaign, a global cybersecurity awareness campaign appealing for individuals to play a more significant role in Internet and network security.
Another new phishing scheme has tricked numerous employers into disclosing highly sensitive employee information. In the wake of tax season, spoofing emails were sent to payroll and human resource personnel at various companies. The emails, appearing to be requests from upper-level company officials, including in some instances the companies’ CEOs, requested employee W-2 tax forms that contain Social Security numbers and other personally ...
In what might be a cautionary tale of the privacy risks for organizations that do business in buying and selling information, last Friday, a Florida jury awarded Hulk Hogan, whose true name is Terry Bollea, $115 million in damages against Gawker.com and its former owner, Albert J. Daulerio, for the website’s portrayal of him having sexual relations with a woman not his wife. Bollea sued Gawker after the website published a recording of him having sex.
Just a few days after the Major League Baseball season opens next month, former St. Louis Cardinals scouting director Chris Correa will attend a sentencing hearing where he faces up to five years in prison, a $250,000 fine, and payment of restitution to the Houston Astros. Correa pleaded guilty earlier this year to criminal charges brought against him under the Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. § 1030. Trade secret lawyers, baseball fans, and "Moneyball" enthusiasts are familiar with the allegations. Correa used the password of a former Cardinals employee now working for the Astros to access the Astros' scouting database and obtain confidential player evaluation data.