On September 30, 2021, the U.S. Department of Health and Human Services’ Office for Civil Rights issued guidance regarding when the HIPAA Privacy Rule applies to disclosures and requests for information about a person’s COVID-19 vaccination status. The guidance addresses common workplace scenarios and answers questions about whether and how the HIPAA Privacy Rule applies.
Continue Reading OCR Guidance Regarding HIPAA’s Applicability to COVID-19 Vaccination Information
Workplace Privacy
Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds
Posted on
As reported on the Hunton Retail Law Blog, the U.S. Court of Appeals for the Second Circuit has affirmed the dismissal on Article III standing grounds of a data breach class action predicated on an alleged increased risk of identity theft. Notably, the district court that dismissed the action raised the issue of standing sua sponte in advance of a scheduled class settlement fairness hearing.…
Continue Reading Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds
Hamburg DPA Imposes Fine of 35.3 Million Euros on H&M
Posted on
On October 1, 2020, the Hamburg Data Protection Authority fined H&M € 35.3 million for unlawful employee monitoring practices in the company’s service center concerning several hundred employees.…
Continue Reading Hamburg DPA Imposes Fine of 35.3 Million Euros on H&M
Belgian DPA Publishes Guidance on Temperature Checks for COVID-19 Monitoring
Posted on
On June 5, 2020, the Belgian Data Protection Authority published some guidance on its website regarding temperature checks amid of the COVID-19 crisis.…
Continue Reading Belgian DPA Publishes Guidance on Temperature Checks for COVID-19 Monitoring
Dutch DPA Fines Company 750,000 Euros for Unlawful Employee Fingerprint Processing
Posted on
The Dutch Data Protection Authority recently imposed a €750,000 fine on a company for unlawful processing of employees’ fingerprints for attendance taking and time registration purposes.
…
Continue Reading Dutch DPA Fines Company 750,000 Euros for Unlawful Employee Fingerprint Processing
NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic
Posted on
Posted in Information Security, Workplace Privacy
On April 13, 2020, the New York Department of Financial Services issued guidance to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.…
Continue Reading NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic
CNIL Publishes Standard on HR Data Processing
Posted on
On April 15, 2020, the French Data Protection Authority published the final version of its standard concerning the processing of personal data for core Human Resources management purposes.…
Continue Reading CNIL Publishes Standard on HR Data Processing
EDPB Assigns Mandates to Develop Guidance on Data Processing and COVID-19
Posted on
On April 7th, the European Data Protection Board announced that it had assigned mandates to its expert subgroups to develop guidance on several aspects of data processing amidst the COVID-19 crisis. …
Continue Reading EDPB Assigns Mandates to Develop Guidance on Data Processing and COVID-19
COVID-19: Temporary Work-From-Home Models and PCI DSS Compliance
Posted on
Posted in Information Security, Workplace Privacy
Special challenges are created when emergency work-from-home orders affect payment cardholder data that is subject to the Payment Card Industry’s Data Security Standard.…
Continue Reading COVID-19: Temporary Work-From-Home Models and PCI DSS Compliance
CNIL Releases Guidance on Teleworking
Posted on
On April 1, 2020, the French Data Protection Authority released guidance for employers on how to implement teleworking as well as best practices for their employees in this context. …
Continue Reading CNIL Releases Guidance on Teleworking