On November 10, 2021, the New York City Council passed a bill prohibiting employers and employment agencies from using automated employment decision tools to screen candidates or employees, unless a bias audit has been conducted prior to deploying the tool. The Bill takes effect on January 2, 2023.
Continue Reading NYC to Regulate Artificial Intelligence-Based Hiring Tools

On November 8, 2021, New York Governor Kathy Hochul signed into law A.430/S.2628, which requires private employers with a place of business in New York State to provide their employees prior written notice, upon hiring, of any electronic monitoring, as defined in the Act, to which the employees will be subjected by the employer.
Continue Reading New York State Requires Private Employers to Notify Employees of Electronic Monitoring

As reported on the Hunton Retail Resource Blog, on October 20, 2021, a new wave in the fight against “robocalls” is targeting telemarketing text messages. In the past six months, there has been an uptick in activity at both the state and federal level to reign in telemarketing text messages.
Continue Reading Fight Against Robocalls Is Coming for Telemarketing Text Messages

On October 15, 2021, the U.S. District Court for the District of Massachusetts entered a final order approving a $14 million class action settlement resolving claims against Hello Fresh for alleged violations of the Telephone Consumer Protection Act, 47 U.S.C. § 227, et seq. According to plaintiffs’ attorneys, this settlement is the largest TCPA class action settlement in Massachusetts state history.
Continue Reading Court Approves Settlement with HelloFresh Over Alleged TCPA Violations

During the week of October 4, 2021, California Governor Gavin Newsom signed into law bills amending the California Privacy Rights Act of 2020, California’s data breach notification law and California’s data security law. Additional bills, amending the California Confidentiality of Medical Information Act and the California Insurance Code, also were also signed into law. The Governor also signed into law a bill protecting the privacy and security of genetic data processed by direct-to-consumer genetic testing companies, and a bill designed to prevent the sale, purchase and use of data obtained by illegal means.
Continue Reading California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

On October 1, 2021, Connecticut’s two new data security laws went into effect. The new laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program.
Continue Reading UPDATE: New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Are Now in Effect

On September 17, 2021, in Tims v. Black Horse Carriers Inc., Ill. App. Ct., 1st Dist., No. 1-20-563, the Illinois Appellate Court, in a case of first impression at the appellate level, addressed the statute of limitations under the state’s Biometric Information Privacy Act, holding that a five-year period applies to BIPA claims that allege the failure to (1) provide notice of the collection of biometric data, (2) take care in storing or transmitting biometric data, or (3) develop a publicly-available retention and destruction schedule for biometric data.
Continue Reading Illinois Biometric Law Limitation Period Clarified by Illinois Court