Utah just became the fourth state to sign a comprehensive privacy bill into law. With similar pending laws in many other states, keeping up with this quickly evolving area is a pain point for data privacy practitioners. Check out this new state comprehensive privacy...
Under the California Consumer Privacy Act of 2018 (CCPA), businesses have a statutory obligation to make specific disclosures in their privacy policies. Review this checklist to identify steps to take to update a company’s consumer-facing privacy policy to...
As employers and employees grapple with return-to-work or hybrid solutions, some employers are considering vaccination requirement policies. Privacy and data security concerns exist with safely collecting and storing employees’ vaccination information. Check...
Collection of biometric data continues to be a hot issue, with the Illinois Supreme Court recently addressing a critical question regarding one of the broadest biometric statutes in the country, the Illinois Biometric Information Privacy Act (BIPA), and confirming...
An organization’s failure to follow state laws when disposing of or destroying records that contain personally identifiable information can result in hefty penalties and possible identity theft for an individual. Check out this answer set to see what Arizona...
2021 was a busy year in the data security and privacy world, and there isn’t likely to be a letup in 2022. Access this article for reflections from 2021, along with trends that will likely continue in 2022. READ NOW » Related Content New York...
When negotiating or reviewing a transaction or agreement that involves personally identifiable information (PII) or other types of confidential or sensitive data on behalf of a client, it is essential to consider a multitude of privacy and data security controls...
Companies need effective policies to ensure that employees understand the proper use of work-related electronic communications and that they have no privacy in those communications. Use these drafting tips on work-related communications systems, email, networks...
Organizations must properly dispose or destroy sensitive personally identifying information (PII) to avoid harsh penalties. Check out this comparison of each state’s laws on the disposal or destruction of such PII, as well as exceptions and potential penalties...
The federal Children’s Online Privacy Protection Act and Rule (COPPA) ( 15 U.S.C. §§ 6501-6506 ) places parents and legal guardians in control of the collection, use, and disclosure of their children’s personal information (PI). Violating...
The Health Insurance Portability and Accountability Act (HIPAA) strictly limits how, and for what purposes, covered entities (including many group health plans) can use or disclose PHI. Review this template, for use by an employer-sponsored group health plan, to...
All private-sector privacy statutes in Canada grant individuals a qualified right to access and, in most cases, request corrections to factual information that an organization has collected about them. Check out this practice note for information about receiving...
Check out this updated analysis of international transfers under the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR), starting with the general prohibition of such transfers outside of the European Economic Area (EEA) or to an international...
Check out this at-a-glance view of enforcement of state data breach notification laws and the penalties for noncompliance with such laws. Specifically, see the civil and criminal penalties for failure to comply with each state's (or U.S. territory's) data...
Some states regulate the use of Event Data Recorder (EDR) technology and any data that may be obtained through the use of an EDR. Access this state law survey to see state laws that regulate the use and disclosure of EDR. READ NOW » Related Content ...