On Thursday, October 5, 2017, Mintz Levin will host a webinar entitled “Handling Human Resources Data Under Privacy Shield and the GDPR,” which will address EU laws concerning the transfer of employee personal data to the US and the penalties for getting it wrong, which are set to increase dramatically when the GDPR goes into effect in May 2018.

For more information and to register, please click here.

Wearable technology continues to do a full court press on the marketplace and in the process, the step counters of the world and health apps tied to devices capable of tracking real-time biostatistics, are revolutionizing the way companies think about wellness. Wearables are the latest in workplace fads and they’ve got the numbers to back it up: sales are likely to hit $4 billion in 2017 and 125 million units are likely to be shipped by 2019. Wearable technology has transformed the workplace just as more and more employers are utilizing wellness programs to improve employee motivation and health.  As the popularity of these technologies soars, so too will concerns around the associated privacy and data security risks.  In this blog post, we discuss just a few of the legal implications for employers who run wellness programs embracing this new fad.

Continue Reading March Fadness: Wearable Tech in the Workplace

We are well into March Madness … and Happy St. Patrick’s Day!

You may have already had your bracket busted by now…..but you should have Mintz Levin’s Third Annual Employment Law Summit on your schedule and the panel on Cybersecurity and Employee Data Breaches may help you avoid a security incident/personal data buster.

Continue Reading Mintz Levin Third Annual Employment Law Summit – Cybersecurity and Employee Data Breaches

Our colleagues over at the Privacy & Security Matters blog wrote a really good piece entitled “It’s Tax Time – Don’t be Phished,” which guides employers on how to avoid phishing scams during this tax season. It’s a must read because the targets of these scams are HR and payroll departments, and employer awareness is necessary not only to protect employees, but also because responding to one of these scam emails constitutes a reportable data breach under state laws.  Employers could have significant liability for failure to provide notice to employees and/or state regulators (where required).

 

From:     Ned Help

To:          Carrie Counselor

Date:      June 1, 2016

Subject:  Lost laptop containing European customer information

Carrie,

A couple of weeks ago, you wrote me about an employee who will be engaging in a six-month temporary assignment around Europe to scope market opportunities.   The employee was Abbie Absent-Minded.  Well, we hit a snag pretty quickly.  Abbie just e-mailed me to say that she left her laptop on a train in London last evening and it hasn’t turned up yet in the train company’s lost-and-found.  It was a brand-new laptop that we had given her for her European assignment, so fortunately it didn’t have a lot on it.  Abbie said that the laptop had contact information for her various marketing prospects, plus some sample customer data that she was given by one of her prospects to use in a demo of our web-based advertising product.  She thinks that the customer data included around 200 records with the customer’s name, age, gender, e-mail address and the history of purchases that the customer made from our prospective client’s retail stores.

I assume that we should tell our prospective client that the laptop with their customer data was lost.  What else do we need to think about?

Thanks,
Ned

Continue Reading Innocents Abroad: My Employee Lost a Laptop With Customer Data

Last week, the U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) issued a final rule aimed at updating the way it collects data and preventing workplace injuries and illnesses.  The final rule can be broken down into two parts: (1) Electronic Reporting and Data Collection; and (2) and Employee Involvement and Retaliation, each of which we discuss below.

Continue Reading OSHA’s New Electronic Reporting and Retaliation Rules Will Make Your Company’s Workplace Injury Reports Accessible to the Public

From:             Carrie Counselor

To:                  Ned Help

Date:              May 19, 2016

Subject:         RE: Privacy considerations for employees working abroad

Dear Ned,

I understand that one of your employees will be engaging a six-month temporary assignment around Europe to scope market opportunities, and you’d like to have a better understanding of what to be thinking about in terms of privacy.  Great question!  This is an area where many employers struggle because other jurisdictions protect privacy and personal data quite differently than we do here in the United States.

Continue Reading Innocents Abroad: Privacy considerations for employees working abroad

Everyone loves a good courtroom drama.  So just imagine this pitch: henchmen of an evil dictator hack their way into a movie studio computer system.  Once inside, they steal the most sensitive personal information of the studio’s stars, executives and employees.  Their most intimate secrets, spilled over the Internet.  Who can help these poor souls?  Why, the brave and hard working class action lawyers, that’s who.  Through grit, pluck and lawyerly derring-do, our intrepid heroes soon bring the evil wrongdoers to justice.  Think “The Manchurian Candidate” meets “Erin Brockovitch”.

But real life is rarely like the movies, even when it involves the movies.  Yes, Sony Pictures Entertainment (“SPE”) did suffer a cyberattack that disclosed employees’ personally identifiable information (“PII”).  The data breach was allegedly perpetrated by North Korean hackers in retaliation for SPE’s release of “The Interview,” a satirical comedy depicting an attempt on the life of North Korean dictator Kim Jong-Un.  And class action litigation predictably followed.  But the evil wrongdoers who faced the wrath of class counsel?  Alas, the hackers were inconveniently beyond the reach of our legal system and, thus, unavailable to answer for their crime.  So SPE, the studio victimized by the hack, would have to do.

And the result of this drama?

Continue Reading It’s A Wrap! Sony Pictures Data Breach Case Settles Without A Hollywood Ending For The Plaintiff Class

My colleague Mitch Danzig, was quoted in a SHRM article entitled, Keep Employees on the Ball During March Madness, in which he provides strategies for employers to avoid legal claims when monitoring employees’ computer use. The article outlines ways employers can both manage “cyberslacking” and boost morale in the workplace during March Madness.