Workplace Privacy
Subscribe to Workplace Privacy's Posts

Brazil’s LGPD Takes Effect—With Early Enforcement

Brazil represents over half of all IT spend in Latin America, has the largest regional market for software outsourcing, employs a sizable IT workforce, manufactures consumer goods (including commercial airplanes and cars) and has an active consumer market of social media operated by global data aggregators. At a time when data privacy is becoming increasingly important to consumers, it seems only fitting that Brazil would adopt comprehensive privacy legislation to protect data privacy rights. The General Data Protection Law, the first law of its kind in Brazil, is now in effect, and we are already seeing enforcement. Streamlining the legal framework on data protection, the law sets forth a number of requirements addressing legal bases for processing, individual rights, governance and accountability and data transfers. Access the article.

Continue Reading

The Toughest Problem Set: Navigating Regulatory and Operational Challenges on University Campuses

When the academic year ended in the spring of 2020, many US university students assumed that a return to campus would be straightforward this fall. However, it is now clear—at least in the near term—that a return to the old “normal” will not be possible. Some universities have concluded that their best course of action is to offer only distanced learning for the time being. Other universities, however, are welcoming students back onto campus, and into residence and dining halls, classrooms, labs and libraries. Each of those universities is developing its own approach to retain the benefits of on-campus student life while reducing risk to the greatest extent possible; nevertheless, some have had to adjust their plans to pivot to remote learning when faced with clusters of positive cases on campus. One thing is clear: The fall semester will be a real-time, national learning laboratory. Because widespread, rapid testing remains unavailable in many locations,...

Continue Reading

Public Backlash Calls Use of Facial Recognition Systems into Question

In recent weeks and months, legal and technical issues related to use of facial recognition systems in the United States have received national attention, including concerns that the technology lacks accuracy in identifying non-white individuals and that its widespread use by police departments may play a role in racially discriminatory policing. Privacy considerations will play a key role in the ongoing debate over the future of facial recognition technology. Facial recognition systems (FRS) are automated or semi-automated technologies that analyze an individual’s features by extracting facial patterns from video or still images. FRS use attributes or features of an individual’s face to create data that can be used for the unique personal identification of a specific individual. FRS use has grown exponentially in recent years. In addition to widespread adoption by law enforcement agencies, FRS are also frequently used in retail, banking and security sectors,...

Continue Reading

Does GDPR Regulate My Research Studies in the United States?

The General Data Protection Regulation (GDPR) establishes protections for the privacy and security of personal data (Personal Data) about individuals in the European Union (EU) single market countries, and potentially affects the clinical and other scientific research activities of academic medical centers and other research organizations in the United States. This On the Subject includes frequently asked questions that discuss the extent to which United States research organizations must comply with GDPR when conducting research. Future coverage will address the impact of GDPR on other aspects of the United States health care sector. Continue reading.

Continue Reading

To Scan or Not to Scan: Surge in Lawsuits under Illinois Biometrics Law

Although the Illinois Biometric Information Privacy Act has been on the books for almost 10 years, a recent surge in lawsuits has likely been brought on by developments in biometric scanning technology and its increased use in the workplace. At least 32 class action lawsuits have been filed in recent months by Illinois residents in state court challenging the collection, use and storage of biometric data by companies in the state. This could potentially cause a reevaluation of company strategies and development of new defenses in the use of advancing biometric technology. Read “To Scan or Not to Scan: Surge in Lawsuits under Illinois Biometrics Law.”

Continue Reading

Where Are We Now? The NIST Cybersecurity Framework One Year Later

The National Institute of Standards and Technology (NIST) released its Cybersecurity Framework (Framework) almost 15 months ago and charged critical infrastructure companies within the United States to improve their cybersecurity posture. Without question, the Framework has sparked a national conversation about cybersecurity and the controls necessary to improve it.  With regulators embracing the Framework, industry will want to take note that a “voluntary” standard may evolve into a de facto mandatory standard.” Read the full On the Subject on the NIST Cybersecurity Framework on the McDermott website.

Continue Reading

Privacy and Data Protection: 2014 Year in Review

In 2014, regulators around the globe issued guidelines, legislation and penalties in an effort to enhance security and control within the ever-shifting field of privacy and data protection. The Federal Trade Commission confirmed its expanded reach in the United States, and Canada’s far-reaching anti-spam legislation takes full effect imminently. As European authorities grappled with the draft data protection regulation and the “right to be forgotten,” the African Union adopted the Convention on Cybersecurity and Personal Data, and China improved the security of individuals’ information in several key areas. Meanwhile, Latin America’s patchwork of data privacy laws continues to evolve as foreign business increases. This report furnishes in-house counsel and others responsible for privacy and data protection with an overview of key action points based on these and other 2014 developments, along with advance notice of potential trends in 2015. McDermott will...

Continue Reading

Are You Monitoring Your French Employees? Make Sure You Have Registered That Activity with the CNIL!

French employers must declare monitoring to the French Data Protection Authority (CNIL) in advance if they want to use evidence obtained from that monitoring in court.   The use of the employee’s company mailbox for personal purposes is tolerated under French law, when reasonable. Where it is considered abusive, however, it could constitute a breach of conduct against which the employer may impose sanctions. Employers generally use monitoring software to discourage and establish evidence of abuse. Such software may be lawful provided the employer follows the rules stipulated by the French Labor Code and the French Data Protection Act to ensure the protection of personal data. In particular, the employer must submit information to and engage in consultation with the works council, provide information to employees impacted by the software, as well as make a formal declaration of the proposed monitoring activities to CNIL – except where a Data Protection...

Continue Reading

STAY CONNECTED

TOPICS

ARCHIVES