On Thursday, October 5, 2017, Mintz Levin will host a webinar entitled “Handling Human Resources Data Under Privacy Shield and the GDPR,” which will address EU laws concerning the transfer of employee personal data to the US and the penalties for getting it wrong, which are set to increase dramatically when the GDPR goes into effect in May 2018.


Wearable technology continues to do a full court press on the marketplace, and in the process the step counters of the world, and health apps tied to devices capable of tracking real-time biostatistics, are revolutionizing the way companies think about wellness. Wearables are the latest in workplace fads and they’ve got the numbers to back it up: sales are likely to hit $4 billion in 2017 and 125 million units are likely to be shipped by 2019. Wearable technology has transformed the workplace just as more and more employers are utilizing wellness programs to improve employee motivation and health. As the popularity of these technologies soars, so too will concerns around the associated privacy and data security risks. In this blog post, we discuss just a few of the legal implications for employers who run wellness programs embracing this new fad.


Our sister blog, Privacy & Security Matters, has just published its annual update of U.S. state data breach notification laws, known as the “Mintz Matrix.” Read the full blog post on the 2017 update or access the new “Mintz Matrix” directly.

Amended breach notification laws went into effect in 5 states during 2016 and by the end of the year, more than 20 states had introduced or were considering new regulations or amendments to existing laws. As always, we will keep you apprised of changes as our privacy and security colleagues track them.

The number one threat to a company’s information (personal or confidential) is still its own employees. Having data security and privacy procedures in place which reflect the statutes of the states in which you operate, and training your employees on those procedures, is your company’s first line of defense against negligent employee behavior.

My colleague Mitch Danzig was quoted in a SHRM article entitled “Keep Employees on the Ball During March Madness,” in which he provides strategies for employers to avoid legal claims when monitoring employees’ computer use. The article outlines ways employers can both manage “cyberslacking” and boost morale in the workplace during March Madness.


The Court of Justice of the European Union (ECJ) has now declared Safe Harbor invalid – in total.  The ECJ has sent the case back to the Irish Data Protection Authority to determine whether Facebook Ireland’s transfer of personal data to the US is permitted under EU data protection law, in light of Facebook’s participation in the NSA’s PRISM program and bereft of the shelter of Safe Harbor.

If your company relies exclusively on Safe Harbor as the basis for its transfer of personal data from the EU to the US, it will need to find another basis for the transfer as soon as possible. This is relevant to any US company that has employees in Europe and could impact how, and even if, HR personal data of its EU employees is transferred to, accessed by, or processed by its US operations. It could also impact the utilization of HRIS cloud systems.
