Search

Search form

Jason C. GavejianBlog Posts

See all

Employee Monitoring: New York Establishes New Requirements for Employers

Earlier this month, New York Governor Kathy Hochul signed into a law a bill that will require New York private sector employers to provide written notice to employees before engaging in electronic monitoring of their activities in the workplace.  Civil Rights (CVR) Chapter 6, Article 5, Section 52-C*2 will take effect six months after enactment,...
November 19, 2021

DOJ Announces Cybersecurity Enforcement Initiative Targeting Federal Contractors

Last week, the Department of Justice (“DOJ”) announced the launch of its Civil Cyber-Fraud Initiative (“the Initiative”) aimed at combating “new and emerging cyber threats to the security of sensitive information and critical systems” specifically targeting accountability of cybersecurity obligations for federal contractors and federal grant recipients, by way of the False Claims Act.  The...
October 18, 2021

California Expands Privacy and Security Requirements for Genetic Data

With health-related data and how to protect it at the forefront of discussion since the start of the COVID-19 pandemic, this week California Governor Gavin Newsom signed into law two bills related to genetic data.  First, AB 825, will expand the definition of personal information to include genetic data, for data breach notification requirements for businesses... Continue Reading
October 9, 2021

California Expands Privacy and Security Requirements for Genetic Data

With health-related data and how to protect it at the forefront of discussion since the start of the COVID-19 pandemic, this week California Governor Gavin Newsom signed into law two bills related to genetic data.  First, AB 825, will expand the definition of personal information to include genetic data, for data breach notification requirements for...
October 8, 2021

Health App Alert: FTC Expands Scope Health Breach Notification Rule

The Federal Trade Commission (“FTC”) recently issued an important policy statement to health apps and other connected devices that collect or use consumers’ health information.  The FTC’s policy statement effectively clarified the position that health apps and related connected devices are subject to the Health Breach Notification Rule (“the Rule”), which requires vendors of personal...
October 5, 2021

Illinois Panel Issues Important Ruling on BIPA Statute of Limitations

On September 17, 2021, a three-judge panel of the Illinois Appellate Court for the First Judicial District issued a long-awaited decision regarding the statute of limitations for claims under the state’s Biometric Information Privacy Act (“BIPA”) in Tims v. Black Horse Carriers, Inc. The Tims decision marks the first appellate guidance regarding this issue.  Although...
September 20, 2021

Baltimore Officially Bans Private Use of Facial Recognition Technology

Yesterday, Baltimore’s local ordinance prohibiting persons from “obtaining, retaining, accessing, or using certain face surveillance technology or any information obtained from certain face surveillance technology,” became effective.  The new ordinance prohibits the use of facial recognition technology by city residents, businesses, and most of the city government (excluding the city police department) until December 2022. Baltimore...
September 9, 2021

FBI/CISA Alert: Increased Likelihood of Ransomware Attacks Over Labor Day Weekend

Watch out! A spike in ransomware attacks may be headed our way over Labor Day weekend. Yesterday, the FBI jointly with the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to be on high alert for ransomware attacks this weekend, after recent targeted attacks over Mother’s Day, Memorial Day and Fourth of July weekends....
September 3, 2021

As Facial Recognition Technology Surges, Organizations Face Privacy and Cybersecurity Concerns, and Fraud

Facial recognition technology has become increasingly popular in recent years in the employment and consumer space (e.g. employee access, passport check-in systems, payments on smartphones), and in particular during the COVID-19 pandemic. As the need arose to screen persons entering a facility for symptoms of the virus, including temperature, thermal cameras, kiosks, and other devices...… Continue Reading
July 28, 2021

Connecticut Enacts Safe Harbor from Punitive Damages in Data Breach Cases

Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from assessing punitive damages in data breach litigation against a covered defendant that created, maintained, and complied with a cybersecurity...… Continue Reading
July 23, 2021

Pages