International Data Transfers: Clarity on Timing of U.K. Transfer Mechanisms

Share

The U.K. Information Commissioner’s Office recently confirmed the options and clarified the timing of new data transfer agreements for transfers of personal data out of the U.K. The situation has been somewhat confusing, even to those relatively familiar with international data transfers. Organizations can now review their data transfer arrangements with greater certainty, and this will be a key priority for 2022.

Continue reading “International Data Transfers: Clarity on Timing of U.K. Transfer Mechanisms”

Illinois Supreme Court: BIPA Claims Not Barred By Workers’ Compensation Act

Share

The Illinois Supreme Court ruled that workers compensation preemption is not a defense to plaintiffs’ claims for damages under the Illinois Biometric Information Privacy Act. The February 3, 2022 ruling in McDonald v. Symphony Bronzeville Park, LLC, 2022 IL 126511 will likely awaken many long-stayed BIPA class action lawsuits and pave the way for new ones to be filed.

Continue reading “Illinois Supreme Court: BIPA Claims Not Barred By Workers’ Compensation Act”

FTC Staff Report on ISP Privacy Practices Paves the Way for an FTC Privacy Rulemaking in the New Year

Share

Following up on a mandatory 2019 request for information issued by the Federal Trade Commission (FTC) to the largest Internet Service Providers (ISPs) in the United States, the FTC staff in late October issued a Report titled – A Look at What ISPs Know About You: Examining the Privacy Practices of Six Major Internet Service Providers. Among the agency staff’s general findings on ISP data collection and use practices, the most striking perhaps is the apparent degree of integration among ISPs and advertisers with respect to their data collection and use practices. The report also highlights the tools ISPs offer to customers to either manage or control many types of ISP data collection and use.

The information presented in the Report is aggregated and de-identified and has been supplemented with information gathered from follow-up FTC staff questions and meetings with the ISPs that were the subjects of the FTC information request. The Report’s summary of information on real-world ISP data practices could prove useful as Congress wrestles with the potential for federal privacy legislation and states review the need for legislation.

Continue reading “FTC Staff Report on ISP Privacy Practices Paves the Way for an FTC Privacy Rulemaking in the New Year”

New Workplace Privacy Legislation Requires New York Private Employers to Inform Employees of Electronic Monitoring

Share

On November 8, 2021, New York Governor Kathy Hochul signed new workplace privacy legislation (A.430/S.2628) into law. Beginning in May 2022, private employers with a “place of business” in the state of New York will have to inform their employees if the employer “monitors or otherwise intercepts” telephone conversations, e-mail, or internet access or usage “of or by an employee by any electronic device or system.” This legislation does not apply to state or local government employers.

Continue reading “New Workplace Privacy Legislation Requires New York Private Employers to Inform Employees of Electronic Monitoring”

Zombie PHR Breach Rule Rises From the Dead

Share

If an entity that offers a personal health record identifies a breach of information in that record, it is required to provide notice to each impacted individual and to the FTC within 60 calendar days of discovery.

Yesterday, the FTC issued a policy statement announcing a new interpretation of the FTC’s 10-year-old “Personal Health Record Breach Notification Rule.” As the FTC acknowledges, this rule has never been enforced by the FTC. The FTC’s announcement indicates its intention to begin enforcing this rule, which allows the FTC to assess penalties of $43,792 per day of violation.

Continue reading “Zombie PHR Breach Rule Rises From the Dead”

©2022 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.