Multinational employers operating in China have been waiting since September 2023 for the Cyberspace Administration of China (CAC) to finalize proposed revisions to its complex and burdensome rules for cross-border data...more
As employment-related artificial intelligence (“AI”) tools proliferate, multinational employers feel increasing pressure to deploy AI across their global offices. These tools can provide great value and efficiency across the...more
3/1/2024
/ Algorithms ,
Artificial Intelligence ,
Bias ,
Data Collection ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Discrimination ,
Employer Liability Issues ,
Employer Responsibilities ,
General Data Protection Regulation (GDPR) ,
Hiring & Firing ,
Innovative Technology ,
Intellectual Property Protection ,
International Data Transfers ,
Job Applicants ,
Notice Requirements ,
Personal Data ,
Popular ,
Privacy Concerns ,
Regulatory Oversight ,
Risk Management
Employers had a big win in late June 2023 when a trial court in Sacramento enjoined until March 29, 2024, enforcement of the final regulations under the California Privacy Rights Act (CPRA), the only one of 14 recently...more
2/21/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cooperative Compliance Regime ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Employer Liability Issues ,
Information Governance ,
Personal Data ,
Popular ,
Regulatory Requirements
Following on the heels of the launch of the EU-U.S. Data Privacy Framework (DPF) this summer, the U.S. Department of Commerce has extended the DPF to cover transfers of personal data from the United Kingdom (UK) (and...more
With presidential assent granted on August 11, 2023, for India’s Digital Personal Data Protection Act, 2023 (“DPDA” or the “Act”), India joined the ranks of dozens of jurisdictions globally that have enacted comprehensive...more
As of July 17, 2023, U.S.-based multinational employers that can access the personal data of their workforce members in the European Union (EU) via a human resources information system (HRIS), or otherwise transfer the...more
7/20/2023
/ Cybersecurity Framework ,
Data Privacy ,
Data Protection ,
Data Security ,
Employer Liability Issues ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Regulatory Reform ,
Regulatory Requirements ,
Schrems I & Schrems II ,
Standard Contractual Clauses
After months of uncertainty, the rulemaking process for the California Privacy Rights Act (CPRA), the first-ever comprehensive U.S. data privacy law applicable to human resources data (“HR Data”), concluded on March 29,...more
With the enactment of the Colorado Privacy Act on July 7, 2021, Colorado now joins Virginia in transforming the first major state privacy law, the California Consumer Privacy Act (CCPA), from an outlier into what now appears...more
At long last, the European Commission, on June 4, 2021, adopted new Standard Contractual Clauses (“new SCCs”) to permit lawful transfers of personal data from the European Union (EU) to third countries such as the United...more
Less than a year after the California Consumer Privacy Act (CCPA) went into effect, California’s electorate approved a ballot measure that will substantially expand the privacy obligations the CCPA imposes on employers. On...more
11/6/2020
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data-Sharing ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
California’s governor may soon sign into law a one-year delay of the California Consumer Privacy Act’s (CCPA) full application to human resources data. On August 28, 2020, California’s legislature passed A.B. 1281, which...more
9/4/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
CPREA ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Exemptions ,
Information Governance ,
Personal Data ,
Personally Identifiable Information ,
State and Local Government
With the resurgence of COVID-19 infections across the United States, employers are facing growing pressure to ascertain whether their employees have contracted the virus. Temperature checks and symptoms screening, while...more
8/4/2020
/ Americans with Disabilities Act (ADA) ,
Coronavirus/COVID-19 ,
Data Collection ,
Employee Privacy Rights ,
Employer Liability Issues ,
Employer Responsibilities ,
Equal Employment Opportunity Commission (EEOC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Personal Data ,
Popular ,
Screening Procedures ,
Virus Testing ,
Workplace Safety
The Court of Justice of the European Union (“CJEU”), on July 16, 2020, invalidated the European Union-U.S. Privacy Shield Framework (“Privacy Shield”), which more than 5,300 U.S. organizations had relied on to lawfully...more
7/21/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On July 16, 2020, the European Court of Justice (CJEU)?the “supreme court” of the European Union (EU)?issued a surprise decision that for the second time in five years completely invalidates the special EU-to-U.S. personal...more
On November 20, 2018, the Illinois Supreme Court will hear oral arguments in a case that has significant implications for Illinois employers, though it is not an employment-law case.
Originally published by the Washington...more
Since mid-September 2017, more than 50 employers that use “biometric timeclocks” in Illinois have been targeted with class action lawsuits alleging violations of the state’s Biometric Information Privacy Act (“BIPA”). A...more
1/10/2018
/ Appeals ,
Biometric Information ,
Biometric Information Privacy Act ,
Class Action ,
Data Collection ,
Data Privacy ,
Employer Liability Issues ,
Employment Litigation ,
Facial Recognition Technology ,
Fingerprints ,
Personal Data ,
Personally Identifiable Information ,
Popular
Dear Littler: We are going to replace the punch-card timeclocks in our U.S. facilities with timeclocks that allow employees to “clock in” each day using their fingerprint. I’ve read about a flood of recently filed class...more
12/6/2017
/ Biometric Information ,
Biometric Information Privacy Act ,
Data Collection ,
Data Privacy ,
Data Security ,
Employer Liability Issues ,
Facial Recognition Technology ,
Fingerprints ,
Personal Data ,
Risk Management ,
Wage and Hour
The announcement by Equifax, Inc. that it had been victimized in a hacking incident involving the personal information of 143 million Americans generated headlines this past week. The sheer size of the hack means that most...more
9/18/2017
/ Corporate Counsel ,
Data Breach ,
Equifax ,
EU ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Risk Mitigation ,
State Data Breach Notification Statutes ,
Vendors
In response to the February 2, 2016, announcement by the European Commission (the "Commission") and the U.S. Commerce Department of a new framework, called the "Privacy Shield," to replace the invalidated U.S.-European Union...more
In a long-awaited and much-anticipated announcement, the U.S. Department of Commerce and the European Commission (the “Commission”) declared on February 2, 2016, that they had struck a deal on a new cross-border data transfer...more
The European Union’s (EU) new data protection framework, known as the General Data Protection Regulation (the “Regulation”), is, at bottom, a response to the astonishing evolution in online commerce. As a result, only one of...more
In the wake of last month's landmark decision by the European Court of Justice (ECJ) invalidating the U.S.-European Union (EU) Safe Harbor framework, hundreds of U.S. multinationals, no longer able to rely on the Safe Harbor...more
In a landmark decision that will dramatically affect thousands of U.S. companies that transfer personal data from the European Union ("EU") to the United States, the European Union Court of Justice ("ECJ") yesterday...more
10/7/2015
/ Cybersecurity ,
Data Protection ,
Data Security ,
Data Transfers ,
Enforcement Guidance ,
European Court of Justice (ECJ) ,
Federal Trade Commission (FTC) ,
Multinationals ,
National Security Agency (NSA) ,
Personal Data ,
Popular ,
PRISM Program ,
Safe Harbors ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework