On January 18, 2022, New Jersey Governor Phil Murphy signed into law Assembly Bill No. 3950, requiring employers to provide written notice to employees prior to the use of tracking devices in vehicles used by employees. The Act will go into effect on April 18, 2022.
Continue Reading New Jersey Requires Employers to Notify Employees of the Use of Tracking Devices
Workplace Privacy
California Assembly Introduces Bills to Extend CCPA/CPRA Exemptions for HR and B2B Data
On February 18, 2022, California Assembly Member Evan Low introduced a pair of bills that would extend the duration of the current exemptions in the CCPA/CPRA for certain HR data and business-to-business customer representative personnel data from most of the law’s requirements. …
Continue Reading California Assembly Introduces Bills to Extend CCPA/CPRA Exemptions for HR and B2B Data
NYC to Regulate Artificial Intelligence-Based Hiring Tools
On November 10, 2021, the New York City Council passed a bill prohibiting employers and employment agencies from using automated employment decision tools to screen candidates or employees, unless a bias audit has been conducted prior to deploying the tool. The Bill takes effect on January 2, 2023.
Continue Reading NYC to Regulate Artificial Intelligence-Based Hiring Tools
New York State Requires Private Employers to Notify Employees of Electronic Monitoring
On November 8, 2021, New York Governor Kathy Hochul signed into law A.430/S.2628, which requires private employers with a place of business in New York State to provide their employees prior written notice, upon hiring, of any electronic monitoring, as defined in the Act, to which the employees will be subjected by the employer.
Continue Reading New York State Requires Private Employers to Notify Employees of Electronic Monitoring
OCR Guidance Regarding HIPAA’s Applicability to COVID-19 Vaccination Information
On September 30, 2021, the U.S. Department of Health and Human Services’ Office for Civil Rights issued guidance regarding when the HIPAA Privacy Rule applies to disclosures and requests for information about a person’s COVID-19 vaccination status. The guidance addresses common workplace scenarios and answers questions about whether and how the HIPAA Privacy Rule applies.
Continue Reading OCR Guidance Regarding HIPAA’s Applicability to COVID-19 Vaccination Information
UK ICO Consults on Data Protection and Employment Practices
On August 12, 2021, the UK Information Commissioner’s Office (“ICO”) published a call for views on data protection and employment practices. The ICO intends to update its employment practices code and associated guidance, originally produced under the Data Protection Act 1998, which has now been replaced by the UK General Data Protection Regulation (“UK GDPR”) and Data Protection Act 2018 (“DPA 2018”). The ICO is requesting responses from large and small employers, workers, volunteers, trades unions, employment dispute resolution bodies, recruitment agencies, professional and trade bodies, and suppliers of employment technology solutions.
…
Continue Reading UK ICO Consults on Data Protection and Employment Practices
Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds
As reported on the Hunton Retail Law Blog, the U.S. Court of Appeals for the Second Circuit has affirmed the dismissal on Article III standing grounds of a data breach class action predicated on an alleged increased risk of identity theft. Notably, the district court that dismissed the action raised the issue of standing sua sponte in advance of a scheduled class settlement fairness hearing.
Continue Reading Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds
Hamburg DPA Imposes Fine of 35.3 Million Euros on H&M
On October 1, 2020, the Hamburg Data Protection Authority fined H&M € 35.3 million for unlawful employee monitoring practices in the company’s service center concerning several hundred employees.
Continue Reading Hamburg DPA Imposes Fine of 35.3 Million Euros on H&M
Belgian DPA Publishes Guidance on Temperature Checks for COVID-19 Monitoring
On June 5, 2020, the Belgian Data Protection Authority published some guidance on its website regarding temperature checks amid of the COVID-19 crisis.
Continue Reading Belgian DPA Publishes Guidance on Temperature Checks for COVID-19 Monitoring
Dutch DPA Fines Company 750,000 Euros for Unlawful Employee Fingerprint Processing
The Dutch Data Protection Authority recently imposed a €750,000 fine on a company for unlawful processing of employees’ fingerprints for attendance taking and time registration purposes.
…
Continue Reading Dutch DPA Fines Company 750,000 Euros for Unlawful Employee Fingerprint Processing