To celebrate Data Privacy Day, we present our top ten data privacy and cybersecurity predictions for 2023. 1. Healthcare and Medical Data Security and Tracking The healthcare industry has been facing increased scrutiny for the protection of healthcare information both online and on apps. 2023 will see a significant increase in the number of lawsuits...
Much is being written about “remote work” – is it productive, will demand for it continue or be curtailed in a recession, is cybersecurity compromised, does it inhibit workplace culture, collaboration, etc. Lots of questions, few clear answers. The discussion seems largely centered on office workers, professional services providers like me, who generally can perform...
In 2021, New York City enacted a measure that banned the use of Automated Employment Decision-Making Tools (“AEDT”) to (1) screen job candidates for employment, or (2) evaluate current employees for promotion, unless the tool has been subject to a “bias audit, conducted not more than one year prior to the use of the tool.” The law...
In 2021, New York City enacted a measure that banned the use of Automated Employment Decision-Making Tools (“AEDT”) to (1) screen job candidates for employment, or (2) evaluate current employees for promotion, unless the tool has been subject to a “bias audit, conducted not more than one year prior to the use of the tool.”...
Last month, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a bulletin with guidance concerning the use of online tracking technologies by covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA). The OCR Bulletin follows a significant uptick in litigation concerning these technologies...
It usually happens after a reported data breach. The organization experiencing the breach sends notifications to affected individuals, as well as federal and or state agencies where appropriate and perhaps other parties. Not long thereafter, the organization receives an inquiry from one or more government agencies. These inquiries typically seek more information about the breach...
On December 22, 2022, the Nevada Gaming Commission (NGC) adopted regulations creating new cybersecurity requirements for certain gaming operators. This action joins agencies in other jurisdictions moving quickly to protect consumers and their personal information in the gaming industry. The NGC adopted the October 17, 2022 version of the regulations, which become effective January 1,...
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our Top 10 most popular posts of 2022: 1. California Consumer Privacy Act FAQs: Employment Information As the California Privacy Rights Act moves toward taking effect and exceptions applying to employment-related data...
On December 16, 2022, the California Privacy Protection Agency (CPPA) had its final meeting before the California Privacy Rights Act (CPRA) which amended the California Consumer Privacy Act takes effect on January 1, 2023. Despite the CPRA taking effect at the start of the year, the CPPA, the agency charged with implementing the law, has...
On January 1, 2023, Virginia’s Consumer Data Protection Act (CPDA) takes effect. Key features of the CPDA include expansive consumer privacy rights (right to access, right of rectification, right to delete, right to opt-out, right of portability, right against automatic decision making), a broad definition of “personal information”, the inclusion of a “sensitive data” category,...