To get ahead of the compliance curve, companies must take proactive measures to establish adaptable biometric privacy compliance programs. Check out this new practice note by expert author David Oberly discussing how to mitigate legal risks when using biometric...
Colorado became the third U.S. state to adopt a comprehensive privacy law by enacting the Colorado Privacy Act (CPA) in July 2021. Colorado Attorney General Phil Weiser recently related five principles that will govern upcoming rulemaking: (1) promoting consumer...
Virginia Gov. Glenn Youngkin recently signed three amendments to the Virginia Consumer Data Protection Act (VCDPA) into law, finalizing the law’s text in advance of its January 1, 2023 effective date. Check out this practice note providing the latest guidance...
Check out our new state question and answer sets discussing prohibitions on disclosing personal data, such as social security numbers, motor vehicle records and accident reports, financial, voter, medical, and insurance information, and victims’ and minors’...
Utah just became the fourth state to sign a comprehensive privacy bill into law. With similar pending laws in many other states, keeping up with this quickly evolving area is a pain point for data privacy practitioners. Check out this new state comprehensive privacy...
Under the California Consumer Privacy Act of 2018 (CCPA), businesses have a statutory obligation to make specific disclosures in their privacy policies. Review this checklist to identify steps to take to update a company’s consumer-facing privacy policy to...
As employers and employees grapple with return-to-work or hybrid solutions, some employers are considering vaccination requirement policies. Privacy and data security concerns exist with safely collecting and storing employees’ vaccination information. Check...
Collection of biometric data continues to be a hot issue, with the Illinois Supreme Court recently addressing a critical question regarding one of the broadest biometric statutes in the country, the Illinois Biometric Information Privacy Act (BIPA), and confirming...
An organization’s failure to follow state laws when disposing of or destroying records that contain personally identifiable information can result in hefty penalties and possible identity theft for an individual. Check out this answer set to see what Arizona...
2021 was a busy year in the data security and privacy world, and there isn’t likely to be a letup in 2022. Access this article for reflections from 2021, along with trends that will likely continue in 2022. READ NOW » Related Content New York...
When negotiating or reviewing a transaction or agreement that involves personally identifiable information (PII) or other types of confidential or sensitive data on behalf of a client, it is essential to consider a multitude of privacy and data security controls...
Companies need effective policies to ensure that employees understand the proper use of work-related electronic communications and that they have no privacy in those communications. Use these drafting tips on work-related communications systems, email, networks...
Organizations must properly dispose or destroy sensitive personally identifying information (PII) to avoid harsh penalties. Check out this comparison of each state’s laws on the disposal or destruction of such PII, as well as exceptions and potential penalties...
The federal Children’s Online Privacy Protection Act and Rule (COPPA) ( 15 U.S.C. §§ 6501-6506 ) places parents and legal guardians in control of the collection, use, and disclosure of their children’s personal information (PI). Violating...
The Health Insurance Portability and Accountability Act (HIPAA) strictly limits how, and for what purposes, covered entities (including many group health plans) can use or disclose PHI. Review this template, for use by an employer-sponsored group health plan, to...