Employment Privacy Blog

News, commentary, and legal updates from attorneys in the Data Security and Workplace Privacy Practice Group at Fisher Phillips.

Most attorneys are well aware of statutory obligations that require private and governmental entities to notify individuals of data breaches that involve the loss or disclosure of personally identifiable information.  An area that may be less clear, however, is what ethical obligations attorneys have to guard against data breaches involving client information and what steps attorneys must take when a data breach occurs.

Continuing a trend in the last few years, in 2017, eight states amended their security breach notification laws to expand definitions of “personal information”, specify the timeframe in which notification must be provided, and require businesses to implement adequate security practices to protect personal information in their possession, among other things. New Mexico also enacted a data breach notification statute of its own, leaving only two states without specific legislation relating to data breach notification requirements. A summary of the highlights of the new law and other amendments enacted in 2017 follows:

The use of biometric data is continuously increasing, including in the workplace.  Biometric data may include facial characteristics, hand geometry, a retina/iris scan, a fingerprint or a voiceprint.  Employers often collect and use biometric data to establish records of employee hours, to restrict access to specific areas, computer systems, data or devices, to provide security and to promote employee health, including through wellness programs.

Tags: biometric

Another new phishing scheme has tricked numerous employers into disclosing highly sensitive employee information. In the wake of tax season, spoofing emails were sent to payroll and human resource personnel at various companies. The emails, appearing to be requests from upper-level company officials, including in some instances the companies’ CEOs, requested employee W-2 tax forms that contain Social Security numbers and other personally ...

As if it were any surprise, last Friday, November 6, the EU Commission issued a Communication on the Transfer of Personal Data from the EU to the US, following the Judgment by the Court of Justice in Schrems declaring the Safe Harbor arrangement invalid (as previously discussed). In its Communication, the EU Commission emphasized the following: (1) the Safe Harbour arrangement can no longer serve as a legal basis for transfers of personal data to the US; and ...
