Reading Between the Lines: Which Domestic Travel Quarantine Guidelines Apply?

Most readers are likely now familiar with the initial travel guidance for international travel issued by the U.S. Centers for Disease Control and Prevention (CDC). Since then, governors have taken the lead in issuing orders related to COVID-19 for, among other things, closing businesses, mandating citizens stay home, and only permitting essential businesses to operate. Along with those orders, many have issued guidance related to quarantines for out-of-state travelers, including those who have only traveled domestically within the United States. Many of these orders are expressly aimed at discouraging interstate travel other than for essential services.

COVID-19 Consumer Data Protection Act Announced by Republican Senators

Over the years, Congress has put forth various legislative proposals regarding data privacy. None of the past legislation received the support necessary to enable passage of a comprehensive national data privacy law. In the face of the ongoing COVID-19 pandemic, however, promising new privacy legislation has been introduced by Senator Roger Wicker (R-MS), chairman of the U.S. Senate Committee on Commerce, Science, and Transportation; Senator John Thune (R-SD), chairman of the Subcommittee on Communications, Technology, Innovation, and the Internet; Senator Jerry Moran (R-KN), chairman of the Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security; and Senator Marsha Blackburn (R-TN).

What’s Changed, What Hasn’t: A Review of HIPAA Rules in a COVID-19 Context

With employers planning for employees to return to work following COVID-19–related closures, there are sure to be questions about sharing employee medical information as it relates to COVID-19 (symptoms, test results, status) within the workplace and with public authorities. Now may be a good time to review what has changed about federal privacy rules in light of the COVID-19 pandemic—and what hasn’t.

An Update on Coronavirus Contact Tracing: Status, Benefits, and Key Considerations

Since the outset of the COVID-19 pandemic, employers have been engaged in varying levels of contact tracing within the workplace. Contact tracing involves identifying individuals who may have been in close contact with a person who tested positive for the coronavirus while that person was likely infectious. As part of employers’ pandemic response practices, many are implementing policies and procedures that attempt to ascertain the identities of employees who may have been in “close contact” with employees diagnosed with COVID-19, or those suspected of having contracted the virus.

Higher Education Federal Contractors: Is Your Supply Chain Compliant With the National Defense Authorization Act?

President Donald Trump signed the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (NDAA) (Pub. L. No. 115-232) into law on August 13, 2018. Section 889 of the NDAA applies to schools, including hospital systems, labs, and research affiliates, receiving federal contracts, grants, and loans. Specifically, § 889(a)(1)(A), which went into effect on August 13, 2019, prohibits an executive agency from “procur[ing] or obtain[ing] or extend[ing] or renew[ing] a contract to procure or obtain any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as a part of any system.”

Implementing COVID-19 Temperature Checks in Light of the CDC’s and OSHA’s Silence: What Employers Need to Know

Now that the U.S. Equal Employment Opportunity Commission (EEOC) acknowledges that employers may implement temperature screening measures in response to the current COVID-19 pandemic, many employers want to conduct them, and want to know how to conduct them. In some locations, employers may even feel compelled to conduct them based on location-specific or general community mitigation guidance from the U.S. Centers for Disease Control and Prevention (CDC).

U.S. and Global Employee Data Privacy FAQs

An employer’s response to COVID-19 involves numerous privacy issues. Below are some answers to frequently asked questions (FAQs) about these issues within the United States and globally, based on laws such as the Americans with Disabilities Act (ADA) (which applies in the United States) and the European Union’s General Data Protection Regulation (GDPR). While many of these principles can be applied globally, employers should always look to applicable local laws in their jurisdictions and guidance from public health authorities. Employers should also consult any applicable internal policies, data privacy notices, employee collective bargaining agreements, employment contracts, and individual employment terms.

New York State Asks Financial Institutions to Provide Assurances on COVID-19 Preparedness

On March 10, 2020, the New York State Department of Financial Services (NYSDFS), which regulates a variety of financial service entities such as banks, credit unions, check cashers, insurance companies, mortgage brokers, investment advisors, and cryptocurrency businesses, issued guidance in a series of “industry letters” and “circular letters” requesting “assurance” of operational preparedness relating to COVID-19. Such operation preparedness plans include a plan to maintain an adequate workforce, including remote work and other strategies to safeguard the workforce.

9 Telecommuting Tips for Employers as COVID-19 Spreads Across the United States

As COVID-19 continues to spread across the United States, it is anticipated that a large portion of the workforce will be asked to work from home for their own protection and for the protection of others. Working from home (or telecommuting) is not a new concept. However, it will be new for some employees and may strain the resources of a company during the COVID-19 outbreak.

DHS Offers Tips for Thwarting Cyber-Scams in the Age of COVID-19

Both employers and individuals continue to receive a barrage of information regarding the novel coronavirus 2019 (COVID-19). It is important to remember that during any time of stress, there will be some people with bad intentions willing to take advantage of the situation. “Phishing” and similar cybersecurity attacks are among the scams that the U.S. government is currently seeing in response to the COVID-19 pandemic.

Looming Data Security Requirements Under the New York SHIELD Act: What Businesses Need to Know

By March 21, 2020, nearly every business—not only those that conduct business in New York State—that owns or licenses computerized data that includes the private information of any New York State resident, will be required to implement certain safeguards to protect the security of such information.

Data Privacy Act Sponsors Seek to Bring GDPR Requirements to Wisconsin

On February 10, 2020, bipartisan cosponsors in the Wisconsin State Assembly introduced a trio of bills targeting the use of personal data information and modeled after the requirements of the European General Data Protection Regulation. Titled by their sponsors as the “Wisconsin Data Privacy Act,” the three bills work together to regulate what data a company may collect on an individual, when the company may collect it, how the company may use it, to whom the company may give it, and how long the company may retain it.

Maintaining Employees’ Privacy During a Public Health Crisis

As coronavirus disease 2019 (COVID-19) continues to spread, employers have been trying to strike a balance between safety and privacy as they apply their own policies and attempt to follow laws such as the General Data Protection Regulation (GDPR) in the European Union and the Health Insurance Portability and Accountability Act of 1996 in the United States.

The Coronavirus Outbreak’s Impact on International Employers

As the world responds to the accelerating 2019 Novel Coronavirus (2019-nCoV) outbreak originating in Wuhan, China—a situation now declared by the World Health Organization to be a Public Health Emergency of International Concern—multinational employers, particularly those with employees based in or traveling to China, are assessing their role in managing workforce impact. In addition to taking precautions to prevent the spread of illness, employers are contending with government-imposed travel shutdowns and advisories, quarantines, border screenings, and extended holidays that may affect local operations and global mobility.

The Artificial Intelligence Video Interview Act: Privacy Implications of Illinois’s AI Statute

It’s time for employers to start preparing for legislation recently signed into law in Illinois, the Artificial Intelligence Video Interview Act. The new law, which takes effect on January 1, 2020, regulates Illinois employers’ use of artificial intelligence (AI) in the interview and hiring process.

EU-U.S. Privacy Shield: EU Commission Confirms Adequacy but Highlights Room for Improvement

On October 23, 2019, the European Commission published its report after its third annual review on the functioning of the EU-U.S. Privacy Shield. The Privacy Shield, which became operational in August 2016, details procedures and safeguards for transatlantic data transfers from the European Union (EU) to the United States.

The Latest on California’s Approach to Biometrics in the Workplace

Although California does not have a specific biometric privacy law like Illinois’s 2008 Biometric Information Privacy Act (BIPA) or its recently enacted 2019 Artificial Intelligence Video Interview Act (AIVIA), stay tuned for the impact of the California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020.  The CCPA will directly affect how certain employers use biometric data in the workplace.

New York State Doubles Down on Data Privacy, Sets High Bar for “Reasonable Safety Standards”

On July 25, 2019, New York governor Andrew Cuomo signed into law two bills aimed at increasing the obligations of entities handling computerized private data. The Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) expands the requirements for notifying affected parties in the event of a data breach and sets forth a demanding list of security measures that must be implemented to “maintain reasonable safeguards” to protect private information.

Bill to Exclude California Employees from CCPA Passes Senate Committee With Changes

On July 9, 2019, the California Senate Judiciary Committee passed Assembly Bill 25 (AB 25), but only after certain changes were made to quell opposition to the bill by labor groups. The bill  was originally drafted to exclude employees and job applicants from the definition of “consumer” under the California Consumer Privacy Act of 2018 (CCPA).

Keeping an Eye on Artificial Intelligence Regulation and Legislation

More and more organizations are beginning to use or expand their use of artificial intelligence (AI) tools and services in the workplace. Despite AI’s proven potential for enhancing efficiency and decision-making, it has raised a host of issues in the workplace which, in turn, have prompted an array of federal and state regulatory efforts that are likely to increase in the near future.

Maine Governor Could Sign Bill Enacting Nation’s Strictest Data Privacy Law for Internet Providers

The Maine legislature has passed a bill imposing the nation’s strictest limitations on broadband providers’ use of consumer data. On May 30, 2019, the Maine State Senate approved the House’s amended version of Legislative Document (LD) 946, entitled “An Act To Protect the Privacy of Online Customer Information,” which now awaits Governor Janet Mills’s signature.

A GDPR Update for Employers, Part IV: Implementing Lessons Learned From GDPR Complaints and Enforcement Actions

The European Data Protection Board (EDPB) and EU supervisory authorities have reported that they have received a large number of complaints during the first six months following the effective date of the GDPR. For example, the EDPB reported that it had received more than 42,000 complaints since May 25, 2018. The French Supervisory Authority (CNIL) reported a 20 percent increase in complaints filed during the first six months the GDPR was effective compared to the same period in 2017. Similarly, the Irish Supervisory Authority reported a 50 percent increase in data breach reports and a 65 percent increase in data protection complaints over the same period. The Irish Data Protection Commissioner also stated that several investigations of multijurisdictional complaints against large companies are being completed and that she expects major GDPR fines to be issued in 2019.