As reported by our sister blog, Privacy and Security Matters, the European Union’s General Data Protection Regulation (GDPR) is a game changer, and it is likely to impact US-based companies that do business in the EU, even if they don’t have an office or employees located there. We will present an in-person seminar in Boston (November 28), New York (November 29) and Washington, DC (November 30) to address GDPR compliance. You can register here.
Wearable technology continues to do a full-court press on the marketplace and, in the process, the step counters of the world and health apps tied to devices capable of tracking real-time biostatistics are revolutionizing the way companies think about wellness. Wearables are the latest in workplace fads and they’ve got the numbers to back it up: sales are likely to hit $4 billion in 2017 and 125 million units are likely to be shipped by 2019. Wearable technology has transformed the workplace just as more and more employers are utilizing wellness programs to improve employee motivation and health. As the popularity of these technologies soars, so too will concerns around the associated privacy and data security risks. In this blog post, we discuss just a few of the legal implications for employers who run wellness programs embracing this new fad.
From: Ned Help
To: Carrie Counselor
Date: June 1, 2016
Subject: Lost laptop containing European customer information
A couple of weeks ago, you wrote me about an employee who will be engaging in a six-month temporary assignment around Europe to scope market opportunities. The employee was Abbie Absent-Minded. Well, we hit a snag pretty quickly. Abbie just e-mailed me to say that she left her laptop on a train in London last evening and it hasn’t turned up yet in the train company’s lost-and-found. It was a brand-new laptop that we had given her for her European assignment, so fortunately it didn’t have a lot on it. Abbie said that the laptop had contact information for her various marketing prospects, plus some sample customer data that she was given by one of her prospects to use in a demo of our web-based advertising product. She thinks that the customer data included around 200 records with the customer’s name, age, gender, e-mail address and the history of purchases that the customer made from our prospective client’s retail stores.
I assume that we should tell our prospective client that the laptop with their customer data was lost. What else do we need to think about?
While many employers shifted some of their focus to the new overtime rules in the past couple of weeks, cybersecurity remains top of mind for most. The reason? Because the number one threat to a company’s information (personal or confidential) is still its own employees.
Data security and privacy training are the first lines of defense against negligent employee behavior. Thus, our colleague, Cynthia Larose, the Chair of Mintz’s Privacy & Security Practice, thought it prudent to put together a webinar on this very issue.
Join Cynthia and Kirsten Liston, SVP of Product & Market Strategy at ThreatReady Resources, as they explore why traditional training programs are falling short and what you can do to boost your efforts and counter top concerns regarding malicious and negligent employee handling of personal and confidential data.
The webinar will take place on Wednesday, June 22, 2016 at 1PM EST. You can register here. We hope you’ll join us.
From: Carrie Counselor
To: Ned Help
Date: May 19, 2016
Subject: RE: Privacy considerations for employees working abroad
I understand that one of your employees will be engaging in a six-month temporary assignment around Europe to scope market opportunities, and you’d like to have a better understanding of what to be thinking about in terms of privacy. Great question! This is an area where many employers struggle because other jurisdictions protect privacy and personal data quite differently than we do here in the United States.
Not only is it “March Madness” time, it is also prime tax return filing time. That means that the email scammers are out in full force as well.
In the last 10 days, we have seen a marked uptick in what are called “phishing” attacks. Actually, it’s more like an epidemic.
Our sister blog — Privacy and Security Matters — has released its annual update to the Mintz Matrix of State Data Breach Notification Laws, which highlights some significant changes in important states — such as California and Florida. We hope you’ll find it useful.
Mintz’s Privacy Team maintains a summary of the US state data breach notification laws, which it refers to as the “Mintz Matrix,” and updates on a quarterly basis or more frequently if developments dictate. This week, the Privacy Team updated the Matrix once again, this time to reflect recent changes to Kentucky and Iowa’s laws. The Mintz Matrix is available here. One of our sister blogs, Privacy & Security Matters, also discusses the changes to those laws in more detail here.
Note: The chart is for informational purposes only and does not constitute legal advice or opinions regarding any specific facts relating to specific data breach incidents. You should seek the advice of experienced legal counsel (e.g., the Mintz Levin privacy team) when reviewing options and obligations in responding to a particular data security breach.
Written by Michael Arnold
As use of social media and other technologies continues to raise serious employment-related privacy issues in the workplace, expect to see a flurry of activity in 2014 from federal and state legislatures, administrative bodies and courthouses throughout the country addressing those issues. Here are five developments that we are monitoring (pun intended) as we enter the New Year.