A bipartisan group of New York state lawmakers recently introduced privacy legislation that would impose new obligations on businesses related to biometric identifiers and biometric information. The Biometric Privacy Act (“New York BIPA”), introduced on January 6, would limit how companies can collect or disclose biometric identifiers and biometric information, and would address notice and consent for persons whose data is collected, security measures for the storage of such data, and private rights of action. Employers would not be exempted from these requirements, and businesses would only have 90 days to bring themselves into compliance if the proposed law passes. If the law does take effect, New York would be the fourth state to pass such legislation, joining the ranks of Illinois, Texas, and Washington. While the law still is a long way from passing – in fact, this is the fourth biometric privacy bill introduced by New York lawmakers since 2018, with all prior bills having failed – the risks for employers who are non-compliant with the law would be high. For this reason, we recommend all companies doing business in New York pay attention to this proposal and familiarize themselves with this legislation. Here is what you need to know about this potential New York law.
As a result of the United Kingdom and the European Union reaching agreement on the terms of the EU-U.K. Trade and Cooperation Agreement on December 24, 2020, the U.K. and EU have agreed to continue allowing data transfers between the two for an up-to-six-month transition period. During this time, the European Commission will complete an adequacy assessment of the U.K.’s data protection laws. The adequacy assessment is a process by which the EU certifies that a country, or sector within a country, meets EU standards for data protection.
With a new presidential administration scheduled to take over in just a few short weeks (as well as a revamped Congress), employers nationwide would be wise to anticipate a continued push for federal consumer privacy legislation.
Employers in the financial services sector are facing an unprecedented number of cybersecurity attacks during the pandemic crisis. To put this in perspective, the Financial Industry Regulatory Authority (FINRA) has issued nine notices regarding the ongoing and widespread cybersecurity threats facing the industry since the COVID-19 pandemic began – and only issued seven cybersecurity notices in the 14 years before the pandemic. What do financial services employers need to know about this development, and what can you do to minimize your chances of falling victim to such an attack?
Businesses across Washington state – and those that do business there – might want to brace themselves for another round of debate that could lead to the passage of California-style privacy legislation in 2021. After failures the past two years, lawmakers seem intent on resurrecting the proposal in the new year. What do you need to know about this possible development, and what can you do to prepare your business?
The COVID-19 pandemic has changed all manner of business procedures over the course of this past year, but one area that needs to be addressed immediately, and that you may not readily recognize, relates to mandatory privacy notifications under California state law – perhaps even if you don’t have employees in the state. If you have not yet adjusted your business practices as they relate to COVID-19, you need to add this important assignment to your end-of-the-year to-do list.
Several federal agencies have teamed up to warn healthcare employers of the increased threat they face as a result of malicious cybercriminals aiming to take advantage of the pandemic to wreak havoc on their operations. The Cybersecurity and Infrastructure Agency, the Federal Bureau of Investigation, and the Department of Health and Human Services recently issued a joint advisory based on “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The October 28 Advisory warns that malicious cyberactors are targeting this sector with malware, which can lead to ransomware attacks, data theft, and a disruption of healthcare services. What do healthcare employers need to know about this danger and what can be done to prevent such an attack?
The California Attorney General just proposed a third set of modifications to the regulations implementing the state’s landmark privacy law. The regulations for the California Consumer Privacy Act (the CCPA) had previously gone into effect in August 2020, but the proposed modifications unveiled on October 12 would change and clarify certain requirements related to notice provisions and methods for opting in and opting out of the sale of personal information and verifying authorized agents.
Governor Newsom just signed legislation that will extend the California Consumer Privacy Act (CCPA) exemption for employee, job applicant, and independent contractor data for an additional year – until January 1, 2022. However, this legislation will become effective only if a ballot measure on the November ballot (Proposition 24), which contains a longer extension, does not pass.
Over the years, Congress has put forth various legislative proposals regarding data privacy. None of the past legislation received the support necessary to enable passage of a comprehensive national data privacy law. However, data collection and analysis is becoming a key weapon in the fight against COVID-19 as companies and governments have sought to come up with effective and socially distant ways to keep close tabs on people’s health status and movements. These methods often involve using technology to collect vital but potentially sensitive health and location information.