Data privacy

Subscribe to Data privacy via RSS

Illinois employers have been waiting for answers on two important questions regarding the Illinois Biometric Information Privacy Act (BIPA):

  1. Whether the Illinois Workers’ Compensation Act (the Compensation Act) preempts BIPA statutory damages, and
  2. Whether BIPA claims accrue each time a person’s biometric information is scanned or transmitted without informed consent–or just the first time.

The

Special thanks to Guest Contributor Harry Valetk.

In early May, private sector employers in New York will face new disclosure requirements for electronic monitoring of employees.  Beginning May 7, 2022, New York will join Connecticut and Delaware among the states that now require employers to provide written notice to new hires who are subject to electronic monitoring.  These new disclosure requirements come after Governor Kathy Hochul signed into law amendments to Civil Rights Chapter 6, Article 5, Section 52-C*2.

Here’s what New York employers need to know now about the new law:

Who is covered under the law? All private employers with a place of business in New York regardless of size. “Employer” is defined as any individual, corporation, partnership, firm, or association with a place of business in the state (not including the state or any political subdivision of the state).

What does the law require?  In practice, the law requires employers to (1) provide employees with a notice of electronic monitoring, (2) obtain proof of acknowledgement, and (3) prominently post the notice for all to see.Continue Reading New York’s New Electronic Monitoring Disclosure Law Requires Action Before May

Many thanks to Lothar Determann and Jonathan Tam for this post.

Some of your job applicants and employees in California may be alarmed if you tell them you sell their personal information. But you will have to say you sell their personal information if you disclose their personal information to third parties after January 1, 2022 without including certain data processing clauses in your contracts, as required by the California Consumer Privacy Act (CCPA). So we recommend reviewing these contracts to ensure they include the prescribed clauses if you wish to avoid being a “seller” of personal information.

You should also get ready to field data access, deletion, correction, portability and other requests from your employees and other personnel in California starting January 1, 2023. This will require implementing new protocols and training up your human resources and compliance teams. We also recommend tightening up your data retention and deletion protocols to limit the amount of information you have to review when handling data subject requests.

Do you use employee monitoring software or algorithms to help you evaluate job applicants? You should ensure that your use of these and similar tools address upcoming requirements regarding automated decision-making, risk assessments and the use of sensitive personal information. Note that the CCPA also currently requires employers to issue privacy notices to their California employees pursuant to a California Privacy Rights Act (CPRA) amendment that took effect on December 16, 2020.

There is an HR exception under the CCPA but it is not comprehensive and expires January 1, 2023. When the CCPA originally passed in 2018, it included a limited, temporary carve-out for personal information of job applicants, employees, independent contractors and other personnel, who only needed to receive a brief “notice at collection.” The CPRA extended the limited carve-out until January 1, 2023 and immediately expanded the list of disclosures that employers have to provide to employees and candidates at or before the time of collecting their personal information.[1] Such “notices at collection” must include details about the types of personal information collected, the purposes for which the information is collected, and how long the personal information is retained or the criteria for determining the same. The California Attorney General’s CCPA Regulations also require notices at collection to indicate whether the business sells California residents’ personal information and a notice of the their right to opt-out of sales if so, and a link to the business’s privacy policy.[2] You should begin to address these requirements immediately if you have not done so already.Continue Reading Employers Must Prepare Now For New California Employee Privacy Rights

We identified and mapped out our most relevant blog posts, articles and video chats to serve as a quick and handy roadmap to recovery and renewal for your company.

Our 2022 Employment & Compensation Resource Navigator provides US multinational companies organized links to Baker McKenzie’s most helpful, relevant thought leadership in one brief document. Arranged

Special thanks to guest contributors Melissa Allchin and Harry Valetk

Our Labor and Employment, Global Immigration and Mobility, and Data Privacy lawyers discuss vaccine passports — what they are, how countries are already using them domestically and for international travelers, data privacy concerns related to the use of digital health documentation, and what employers should

Special thanks to guest contributors John Evason and Monica Kurnatowska.

The pandemic instantly proved that remote work is possible for a large swath of workers, but also brought a sharp focus on issues such as mental well-being, team engagement, productivity, data privacy and cybersecurity risks, and much more.

Simultaneously, as businesses were trying to

Special thanks to our guest contributors Matthew Gorman and Cristina Messerschmidt.

In this Mobility Minute, our Immigration and Data Privacy lawyers will be looking at the issue of data privacy, or lack thereof, at US ports of entry, including international airports. We will review a recent court decision that appears to further minimize protections

With special thanks to Lothar Determann for this post.

The California Privacy Rights Act of 2020 (CPRA) introduces sweeping changes to the California Consumer Privacy Act of 2018 (CCPA), which already imposes an obligation on California employers to issue privacy notices to employees since January 1, 2020. These notices must be updated as