In brief

As the COVID-19 pandemic stretched across the globe, companies shifted to remote working environments and many reduced staff, all without much of an opportunity to prepare. The past two months have presented a serious threat to data security, including the most vulnerable financial data, personal data of employees and customers, and trade secrets. These risks cut across all sectors — financial services, industrial manufacturers, health care, and professional services. Recent experience confirms that an effective information security strategy should target these most-common threats: phishing, data sprawl, and employee mobility/redundancies.

How to Protect Your Company

Take a holistic approach to threat mitigation and data loss prevention in the face of increased risks. Such an approach must account for data protection, intellectual property (including trade secrets), and employment law. Here are the action items in these uncertain times to help address and mitigate the legal and regulatory risks:


Continue Reading International: Initial Lessons Learned as COVID-19 Exposes Critical Gaps in Information Security

Welcome to Baker McKenzie’s Labor and Employment video chat series! In these quick and bite-sized video chats, our employment partners team up with practitioners in various areas of law to discuss the most pressing issues for employers navigating the return to work.

This series builds on our recent client alert and webinar on reopening for

2019 kept US employers on their toes. From intensifying scrutiny of independent contractor relationships, data privacy changes, and hostility to arbitration agreements to continued pressure to examine pay data, increasing employee activism and politically charged discourse in the workplace, it has been a busy year!

Click here to continue reading the US Employment Law Digest.

As we previously reported, in January, in Rosenbach v. Six Flags Entertainment Corp., the Illinois Supreme Court held that a plaintiff need not plead an actual injury beyond a per se statutory violation to state a claim for statutory liquidated damages or injunctive relief under the Illinois Biometric Privacy Act (BIPA).

(By way of reminder, the Illinois BIPA prohibits gathering biometric data such as fingerprints without notice and consent. It also requires data collectors adopt a written policy and a destruction policy for data which is no longer required.)

In the wake of Rosenbach, dozens more class actions have been filed in Illinois state courts. Following Rosenbach,plaintiffs can seek injunctive relief and statutory penalties under the BIPA on a class-wide basis. Despite the flurry of activity by the plaintiff’s bar over the past several years, Illinois courts have only recently started addressing such claims. The rulings since Rosenbach demonstrate a strong commitment not to deviate from the Illinois Supreme Court’s holding.
Continue Reading BIPA After Rosenbach — A Broad Interpretation By Illinois Courts

Many viewed the highly anticipated coming into force of the European Union’s General Data Protection Regulation (GDPR) on May 25, 2018 as the “finish line” for the marathon efforts towards privacy compliance that took place in the months running up to this date. In reality, however, this date should be treated instead as a “starting

By now, you have no doubt heard about the passage of the California Consumer Privacy Act of 2018, going into effect January 1, 2020. This new privacy legislation will force many companies – whether headquartered in or out of California – into compliance with several onerous requirements. Some have called it California’s answer to the (notorious) GDPR. But what does this mean from an employment perspective?

It means that despite the title, the Act extends certain protections to California employees because it defines “consumer” as “any natural person who is a California resident.” Therefore, regardless of where your company is located, if it employs at least one individual who is living or domiciled in the state and also meets one of the thresholds below, it must comply at least with regard to all California residents, including employees.


Continue Reading Yes, The California Consumer Privacy Act Covers California-Based Employees

(With special thanks to our Global Equity Services team and Lothar Determann for collaborating on this post.)

One month from today, on May 25, 2018, the European Union (EU) General Data Protection Regulation (GDPR) will go into effect. In light of this, we have been recommending companies review their data privacy policies and practices in the context of equity plan participation and update their share plan documents. In the final month, we want to highlight these items again and encourage you to make sure your company’s equity programs are ready for the GDPR.


Continue Reading Countdown to GDPR… Are Your Equity Plans Ready?