On November 8, 2021, New York Governor Kathy Hochul signed new workplace privacy legislation (A.430/S.2628) into law. Beginning in May 2022, private employers with a “place of business” in the state of New York will have to inform their employees if the employer “monitors or otherwise intercepts” telephone conversations, e-mail, or internet access or usage “of or by an employee by any electronic device or system.” This legislation does not apply to state or local government employers.
Category: Privacy
7 Tips to Keep Your Remote Work Setup Secure
Privacy, cybersecurity & data strategy counsel Jason G. Weiss and associate Grayson Harbour coauthored an article for Indianapolis Business Journal titled “7 Tips to Keep Your Remote Work Setup Secure.”
Continue reading “7 Tips to Keep Your Remote Work Setup Secure”
Zombie PHR Breach Rule Rises From the Dead
If an entity that offers a personal health record identifies a breach of information in that record, it is required to provide notice to each impacted individual and to the FTC within 60 calendar days of discovery.
Yesterday, the FTC issued a policy statement announcing a new interpretation of the FTC’s 10-year-old “Personal Health Record Breach Notification Rule.” As the FTC acknowledges, this rule has never been enforced by the FTC. The FTC’s announcement indicates its intention to begin enforcing this rule, which allows the FTC to assess penalties of $43,792 per day of violation.
Continue reading “Zombie PHR Breach Rule Rises From the Dead”
Colorado Privacy Act: The Patchwork of State Privacy Regimes Grows
With Colorado Governor Jared Polis expected to sign the Colorado Privacy Act, SB-190 into law in the coming days, Colorado will join California and Virginia as the third state with a comprehensive data privacy law.1 The Colorado Privacy Act (“CPA”)—which passed with bipartisan support in both the Colorado House and Senate—is similar, but not identical, to the California and Virginia data privacy laws. Although its provisions will not take effect until July 1, 2023, the passage of the CPA grows the patchwork of state privacy regimes and may spur further calls for a uniform federal standard, as compliance for businesses becomes increasingly complicated.
Continue reading “Colorado Privacy Act: The Patchwork of State Privacy Regimes Grows”
Faegre Drinker on Law and Technology Podcast: Privacy Issues and COVID-19
Privacy issues and COVID-19: what do they mean to you and your business? In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss talks with Faegre Drinker’s Reed Abrahamson about the pandemic’s impact on privacy and data security. They examine how organizations are working to balance obligations to simultaneously protect data and their employees’ well-being — along with the risks employers should consider when collecting COVID-related employee information.
Continue reading “Faegre Drinker on Law and Technology Podcast: Privacy Issues and COVID-19”
Disruptionware VI: Cyber-Attack against Colonial Pipeline Illustrates Continued Vulnerability of American Energy and Infrastructure Targets
Disruptionware attacks have become increasingly more common over the last few months. Just last month, I wrote about a dangerous disruptionware attack against a Florida Water Treatment Center that could have been a mass casualty event. For more information on these types of attacks, please refer to our posts on different types of disruptionware attacks and how disruptionware attacks work.