On August 16, 2022, California Assembly Member Cooley introduced amendments to Assembly Bill 1102 that would extend the California Consumer Privacy Act’s temporary exemptions for HR and B2B data for an additional two years – until January 1, 2025.
Continue Reading Update: California Legislation Proposes Extending CCPA Exemptions for HR and B2B Data

On June 21, 2022, President Biden signed into law, the State and Local Government Cybersecurity Act of 2021 and the Federal Rotational Cyber Workforce Program Act, two bipartisan bills aimed at enhancing the cybersecurity postures of the federal, state and local governments.
Continue Reading President Biden Signs Two Bills Aimed at Enhancing Government Cybersecurity

On January 18, 2022, New Jersey Governor Phil Murphy signed into law Assembly Bill No. 3950, requiring employers to provide written notice to employees prior to the use of tracking devices in vehicles used by employees. The Act will go into effect on April 18, 2022.
Continue Reading New Jersey Requires Employers to Notify Employees of the Use of Tracking Devices

On February 18, 2022, California Assembly Member Evan Low introduced a pair of bills that would extend the duration of the current exemptions in the CCPA/CPRA for certain HR data and business-to-business customer representative personnel data from most of the law’s requirements.
Continue Reading California Assembly Introduces Bills to Extend CCPA/CPRA Exemptions for HR and B2B Data

On November 10, 2021, the New York City Council passed a bill prohibiting employers and employment agencies from using automated employment decision tools to screen candidates or employees, unless a bias audit has been conducted prior to deploying the tool. The Bill takes effect on January 2, 2023.
Continue Reading NYC to Regulate Artificial Intelligence-Based Hiring Tools

On November 8, 2021, New York Governor Kathy Hochul signed into law A.430/S.2628, which requires private employers with a place of business in New York State to provide their employees prior written notice, upon hiring, of any electronic monitoring, as defined in the Act, to which the employees will be subjected by the employer.
Continue Reading New York State Requires Private Employers to Notify Employees of Electronic Monitoring

On September 30, 2021, the U.S. Department of Health and Human Services’ Office for Civil Rights issued guidance regarding when the HIPAA Privacy Rule applies to disclosures and requests for information about a person’s COVID-19 vaccination status. The guidance addresses common workplace scenarios and answers questions about whether and how the HIPAA Privacy Rule applies.
Continue Reading OCR Guidance Regarding HIPAA’s Applicability to COVID-19 Vaccination Information

On August 12, 2021, the UK Information Commissioner’s Office (“ICO”) published a call for views on data protection and employment practices. The ICO intends to update its employment practices code and associated guidance, originally produced under the Data Protection Act 1998, which has now been replaced by the UK General Data Protection Regulation (“UK GDPR”) and Data Protection Act 2018 (“DPA 2018”). The ICO is requesting responses from large and small employers, workers, volunteers, trades unions, employment dispute resolution bodies, recruitment agencies, professional and trade bodies, and suppliers of employment technology solutions.

Continue Reading UK ICO Consults on Data Protection and Employment Practices

As reported on the Hunton Retail Law Blog, the U.S. Court of Appeals for the Second Circuit has affirmed the dismissal on Article III standing grounds of a data breach class action predicated on an alleged increased risk of identity theft. Notably, the district court that dismissed the action raised the issue of standing sua sponte in advance of a scheduled class settlement fairness hearing.
Continue Reading Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds