On January 25, 2019, the Illinois State Supreme Court ruled that the state’s Biometric Information Privacy Act (BIPA) only requires individuals to show violation of the law to bring suit. Businesses with a presence in Illinois that gather “biometric identifiers”, which include a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry, are now at a greater risk of liability if they do not follow legally required procedures for such data collected or stored in the state. BIPA’s applicability at the federal level remains to be seen, but similar laws are being considered throughout the states, raising potential liability for employers elsewhere.
In an alert sent to banks on August 10th, the FBI warned banks that it had “obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’.”
The EU’s General Data Protective Regulation (“GDPR”) has been a popular topic of late. Fisher Phillips’ Employment Privacy Blog has covered the evolution of this regulation, starting with the roll back of the previous “safe harbor” regime, as well as providing updates to GDPR compliance standards, and training recommendations.
Coming on the heels of several high-profile data breaches, lawmakers in the Bay State have turned their attention to evaluating and improving cybersecurity across the Commonwealth. The State Legislature has created a special committee on cybersecurity readiness and is working its way through several bills on data privacy and security. In addition, Governor Baker has established a new department devoted to information technology, titled the “Executive Office of Technology Services and Security.”
On March 8, the House’s Education and Workforce Committee passed a bill, HR 1313 – Preserving Employee Wellness Programs Act. The bill, which was introduced by U.S. Rep. Virginia Foxx in order to “reaffirm existing law to allow employee wellness programs to be tied to responsible financial incentives,” follows a May 2016 ruling by the EEOC that allows for premiums to be cut by up to 30% for individuals and 60% for couples enrolled in wellness programs.
Following this summer’s vote to leave the European Union, the wider implications of Britain’s decision to break from the EU continue to be felt as governments, businesses, and private citizens look to forthcoming negotiations. Unfortunately, it appears that definitive answers to the questions raised by the vote may not be forthcoming for some time following Theresa May’s October 2 announcement that she plans to trigger Article 50, setting in motion negotiations regarding Britain’s departure, by March 2017. One area up for consideration will likely be the issue of data privacy and whether UK will create its own privacy rules or follow the lead of the EU in implementing the General Data Privacy Regulation (GDPR). Generally speaking this law, slated to take effect in May of 2018, will limit the amount of and type of data on EU citizens which may be gathered and shared. Interestingly however, May’s announcement comes just days after the newly appointed head of the Information Commissioner’s Office (ICO), Elizabeth Denham, stated that Britain should follow the GDPR regime. During an interview with the BBC, Denham made her sentiments clear, stating “I don’t think Brexit should mean Brexit when it comes to standards of data protection…In order for British businesses to share information and provide services for EU consumers, the law has to be equivalent.”
The average American worker has nearly a library worth of data existing digitally. What if employers could use such information to lower the cost of employee health care? A growing number of businesses are asking that very question and have begun using employee data to identify health risks in their workforce.
In trying to stem the rising cost of health care companies like Wal-Mart are using “health care analytics companies,” otherwise known as ...