Jason C. GavejianBlog Posts
Employee Monitoring: New York Establishes New Requirements for EmployersEarlier this month, New York Governor Kathy Hochul signed into a law a bill that will require New York private sector employers to provide written notice to employees before engaging in electronic monitoring of their activities in the workplace. Civil Rights (CVR) Chapter 6, Article 5, Section 52-C*2 will take effect six months after enactment,...November 19, 2021 |
DOJ Announces Cybersecurity Enforcement Initiative Targeting Federal ContractorsLast week, the Department of Justice (“DOJ”) announced the launch of its Civil Cyber-Fraud Initiative (“the Initiative”) aimed at combating “new and emerging cyber threats to the security of sensitive information and critical systems” specifically targeting accountability of cybersecurity obligations for federal contractors and federal grant recipients, by way of the False Claims Act. The...October 18, 2021 |
California Expands Privacy and Security Requirements for Genetic DataWith health-related data and how to protect it at the forefront of discussion since the start of the COVID-19 pandemic, this week California Governor Gavin Newsom signed into law two bills related to genetic data. First, AB 825, will expand the definition of personal information to include genetic data, for data breach notification requirements for businesses... Continue ReadingOctober 9, 2021 |
California Expands Privacy and Security Requirements for Genetic DataWith health-related data and how to protect it at the forefront of discussion since the start of the COVID-19 pandemic, this week California Governor Gavin Newsom signed into law two bills related to genetic data. First, AB 825, will expand the definition of personal information to include genetic data, for data breach notification requirements for...October 8, 2021 |
Health App Alert: FTC Expands Scope Health Breach Notification RuleThe Federal Trade Commission (“FTC”) recently issued an important policy statement to health apps and other connected devices that collect or use consumers’ health information. The FTC’s policy statement effectively clarified the position that health apps and related connected devices are subject to the Health Breach Notification Rule (“the Rule”), which requires vendors of personal...October 5, 2021 |
Illinois Panel Issues Important Ruling on BIPA Statute of LimitationsOn September 17, 2021, a three-judge panel of the Illinois Appellate Court for the First Judicial District issued a long-awaited decision regarding the statute of limitations for claims under the state’s Biometric Information Privacy Act (“BIPA”) in Tims v. Black Horse Carriers, Inc. The Tims decision marks the first appellate guidance regarding this issue. Although...September 20, 2021 |
Baltimore Officially Bans Private Use of Facial Recognition TechnologyYesterday, Baltimore’s local ordinance prohibiting persons from “obtaining, retaining, accessing, or using certain face surveillance technology or any information obtained from certain face surveillance technology,” became effective. The new ordinance prohibits the use of facial recognition technology by city residents, businesses, and most of the city government (excluding the city police department) until December 2022. Baltimore...September 9, 2021 |
FBI/CISA Alert: Increased Likelihood of Ransomware Attacks Over Labor Day WeekendWatch out! A spike in ransomware attacks may be headed our way over Labor Day weekend. Yesterday, the FBI jointly with the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning to be on high alert for ransomware attacks this weekend, after recent targeted attacks over Mother’s Day, Memorial Day and Fourth of July weekends....September 3, 2021 |
As Facial Recognition Technology Surges, Organizations Face Privacy and Cybersecurity Concerns, and FraudFacial recognition technology has become increasingly popular in recent years in the employment and consumer space (e.g. employee access, passport check-in systems, payments on smartphones), and in particular during the COVID-19 pandemic. As the need arose to screen persons entering a facility for symptoms of the virus, including temperature, thermal cameras, kiosks, and other devices...… Continue ReadingJuly 28, 2021 |
Connecticut Enacts Safe Harbor from Punitive Damages in Data Breach CasesEffective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from assessing punitive damages in data breach litigation against a covered defendant that created, maintained, and complied with a cybersecurity...… Continue ReadingJuly 23, 2021 |