Data Privacy

Subscribe to Data Privacy via RSS

In brief

As the COVID-19 pandemic stretched across the globe, companies shifted to remote working environments and many reduced staff, all without much of an opportunity to prepare. The past two months have presented a serious threat to data security, including the most vulnerable financial data, personal data of employees and customers, and trade secrets. These risks cut across all sectors — financial services, industrial manufacturers, health care, and professional services. Recent experience confirms that an effective information security strategy should target these most-common threats: phishing, data sprawl, and employee mobility/redundancies.

How to Protect Your Company

Take a holistic approach to threat mitigation and data loss prevention in the face of increased risks. Such an approach must account for data protection, intellectual property (including trade secrets), and employment law. Here are the action items in these uncertain times to help address and mitigate the legal and regulatory risks:Continue Reading International: Initial Lessons Learned as COVID-19 Exposes Critical Gaps in Information Security

Welcome to Baker McKenzie’s Labor and Employment video chat series! In these quick and bite-sized video chats, our employment partners team up with practitioners in various areas of law to discuss the most pressing issues for employers navigating the return to work.

This series builds on our recent client alert and webinar on reopening for

The way we work has been permanently transformed by the rapid deployment of a largely remote workforce during the shelter-in-place. Threats to companies’ most valuable confidential data have not merely increased — an entirely new set of legal and technical risks to trade secrets have emerged over the last 90 days that are fundamentally different

As detailed in prior posts, in January, the Illinois Supreme Court held that a plaintiff need not plead an actual injury beyond a per se statutory violation to state a claim for statutory liquidated damages or injunctive relief under the Illinois Biometric Information Privacy Act (BIPA). While recent decisions applying BIPA have been largely Illinois-based, the Ninth Circuit recently applied BIPA in Patel v. Facebook to affirm a lower court’s ruling that plaintiffs in the ongoing Facebook BIPA class action alleged a concrete injury-in-fact to confer Article III standing and that the class was properly certified.

The Ninth Circuit is the first federal circuit court to conclude that a plaintiff alleging a BIPA violation has standing for purposes of Article III of the US Constitution. The ruling makes it easier for plaintiffs to certify BIPA class actions, within and outside of Illinois. 
Continue Reading The Ninth Circuit Clears The Way For BIPA Class Actions

California is known as one of the most progressive, pro-employee states in the country. But if the last several months are any indication, Illinois is quickly catching up.

Here’s a quick overview of what’s happening in the prairie state:

Illinois Wage Payment and Collection Act   

What’s New? As of January 1, 2019, employers must reimburse employees for all “necessary” expenses. So what’s a necessary expense? Anything required of the employee in the discharge of his/her employment duties that “inure to the primary benefit of the employer.” Computers, cell phones, uniforms, etc. may all constitute “necessary” expenses that the employer is required to reimburse.

Takeaway: Employers should review their policies, job descriptions, and third party contracts to determine which positions/roles may result in necessary expenditures.Continue Reading Is Illinois The New California For Employers?

As we previously reported, in January, in Rosenbach v. Six Flags Entertainment Corp., the Illinois Supreme Court held that a plaintiff need not plead an actual injury beyond a per se statutory violation to state a claim for statutory liquidated damages or injunctive relief under the Illinois Biometric Privacy Act (BIPA).

(By way of reminder, the Illinois BIPA prohibits gathering biometric data such as fingerprints without notice and consent. It also requires data collectors adopt a written policy and a destruction policy for data which is no longer required.)

In the wake of Rosenbach, dozens more class actions have been filed in Illinois state courts. Following Rosenbach,plaintiffs can seek injunctive relief and statutory penalties under the BIPA on a class-wide basis. Despite the flurry of activity by the plaintiff’s bar over the past several years, Illinois courts have only recently started addressing such claims. The rulings since Rosenbach demonstrate a strong commitment not to deviate from the Illinois Supreme Court’s holding.
Continue Reading BIPA After Rosenbach — A Broad Interpretation By Illinois Courts

On January 25, 2019, the Illinois Supreme Court issued a highly anticipated decision, Rosenbach v. Six Flags Entertainment Corporate et al., extending the reach of the Illinois Biometric Information Privacy Act (BIPA). BIPA is an Illinois privacy law that regulates the collection, use, and retention of biometric data such as fingerprints, face, and eye scans by imposing procedural requirements on corporations that collect the data. Though not an employment case, the decision impacts employers using biometric time-keeping systems in Illinois.
Continue Reading Unanimous Case For Class Actions: Illinois Supreme Court Finds BIPA Violations Actionable Even Without “Actual Injury”

2018 was, without a doubt, another extraordinary year for US employers. The #MeToo movement continues to have a tremendous impact on the workplace. In addition, the thorny issue of how to manage contractor classifications in the gig economy continued to evolve and new DOJ enforcement activity is heightening concerns about no-poaching agreements and other antitrust

The new data privacy rules are just around the corner…are you ready?

The EU General Data Protection Regulation (GDPR) comes into force May 25, 2018. GDPR introduces stricter requirements and higher penalties for violations, so it is important for companies to review their data privacy compliance not just with respect to customers but with respect