The Artificial Intelligence Video Interview Act: Privacy Implications of Illinois’s AI Statute

It’s time for employers to start preparing for legislation recently signed into law in Illinois, the Artificial Intelligence Video Interview Act. The new law, which takes effect on January 1, 2020, regulates Illinois employers’ use of artificial intelligence (AI) in the interview and hiring process.

A GDPR Update for Employers, Part IV: Implementing Lessons Learned From GDPR Complaints and Enforcement Actions

The European Data Protection Board (EDPB) and EU supervisory authorities have reported that they have received a large number of complaints during the first six months following the effective date of the GDPR. For example, the EDPB reported that it had received more than 42,000 complaints since May 25, 2018. The French Supervisory Authority (CNIL) reported a 20 percent increase in complaints filed during the first six months the GDPR was effective compared to the same period in 2017. Similarly, the Irish Supervisory Authority reported a 50 percent increase in data breach reports and a 65 percent increase in data protection complaints over the same period. The Irish Data Protection Commissioner also stated that several investigations of multijurisdictional complaints against large companies are being completed and that she expects major GDPR fines to be issued in 2019.

A GDPR Update for Employers, Part III: Preparing Required Data Protection Impact Assessments

Article 35 of the GDPR provides that a data protection impact assessment (DPIA) must be performed for data processing that “is likely to result in a high risk to the rights and freedoms of natural persons.” DPIAs must contain (1) a description of the processing operation along with the purpose of the processing and, where applicable, the legitimate interest for the processing; (2) an assessment of the necessity and proportionality of the processing operation in relation to the purpose; (3) an assessment of the risks to the rights and freedoms of the data subjects; and (4) the measures to be taken to mitigate the risks.

A GDPR Update for Employers, Part II: Aligning HR Practices to Comply with National Legislation Implementing the GDPR

Although the GDPR was intended to provide a uniform set of data protection requirements across the EU, the GDPR contains several provisions, known as “opening clauses,” that expressly permit individual EU countries to implement additional and/or stricter requirements for certain types of data that employers typically process.

A GDPR Update for Employers, Part I: Determining Whether Your Organization’s HR Data Processing Is Covered

Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the GDPR, while other developments have directly affected employers and created new obligations regarding the collection and processing of human resources (HR) data.

Working Party Confirms That Employers of All Sizes Must Maintain Article 30 Records of Processing for Human Resources Data

On April 19, 2018, the Article 29 Working Party (Working Party), which is comprised of representatives from the data protection authorities in each of the 28 European Union (EU) member states, issued a position paper stating that all employers of EU employees are required to prepare and maintain records of processing activities relating to human resources data pursuant to Article 30 of the General Data Protection Regulation (GDPR).

EU Regulator Discusses Enforcement Priorities for the GDPR

On March 27, 2018, Helen Dixon, the data protection commissioner for Ireland, outlined the enforcement priorities of the Irish data protection authority (DPA) for the General Data Protection Regulation (GDPR) during the International Association of Privacy Professionals Global Privacy Summit in Washington, D.C. The Irish DPA has been ramping up its compliance capabilities for the GDPR and will undoubtedly serve as the lead DPA for GDPR enforcement for numerous U.S. companies that are headquartered or have locations in Ireland. 

The Highest Risk Area for GDPR Compliance: Processing HR Data

With less than six months until the May 25, 2018, effective date for the European Union (EU) General Data Protection Regulation (GDPR), companies are assessing their GDPR readiness and concentrating their compliance efforts on the highest risk areas. What is the highest risk area for GDPR compliance?

Preparing for the New Massachusetts Equal Pay Law, Part I: Whether, When, and How to Conduct a Pay Equity Audit

The July 1, 2018, implementation date for the amendments to the Massachusetts Equal Pay Act (MEPA) is less than a year away. The amendments approved in 2016 will bring about substantial changes to the definition of “comparable work,” employer defenses, statutes of limitations, and prohibited employer practices, such as salary history inquiries.

Train Your Team: Protect Personally Identifiable Information From a Widespread Phishing Scam

Every January 31, employers scramble to meet the deadline for mailing W-2 forms to their employees. This year, a new iteration of an old W-2 phishing scam surfaced immediately thereafter. In the 2017 version, scammers posing as a company’s CEO or other high-level executive target human resources (HR) and payroll professionals with email messages requesting certain W-2s or all of a company’s W-2s.

Can Employers Discipline Employees for “Self-Help Discovery”? Massachusetts Decision Raises More Questions Than Answers

Employers know all too well that employees sometimes help themselves to documents the employer would like to keep confidential. This is precisely why many employers require employees to sign confidentiality agreements and often impose discipline, including termination, for taking confidential documents. But what if an employee who has filed a discrimination suit against his or her employer takes confidential documents to assist in the case?

Honored in the Breach: Employer Action Items for an Insurer Data Breach

This morning, Anthem Blue Cross and Blue Shield, one of the largest health insurers in the country, notified its policyholders, members, and business partners that it was recently the target of an external cyber attack that appears to have compromised the confidentiality of medical and other personal information maintained on…..

The Cyber Security State of the Union: Obama Commits “to Protect a Free and Open Internet”

In last week’s State of the Union address, President Barack Obama continued his ongoing push for nationwide privacy legislation to “better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information.” Recognizing the real threats posed by inadequate remedies for cybersecurity breaches, the president noted that…..

Supreme Court Declines to Hear Challenge of Illinois Independent Contractor Classification Law

On October 14, 2014, the Supreme Court of the United States refused to consider a challenge to the Illinois Employee Classification Act, which classifies workers in the construction industry as employees unless they can meet the detailed requirements of the statute for independent contractor status. The Supreme Court denied the…..

MA Fair Share Contribution, HIRD Repealed in FY2014 Budget

Governor Deval Patrick recently approved the Commonwealth’s 2014 fiscal year budget, which includes provisions repealing both the Fair Share Contribution (FSC) and the Health Insurance Responsibility Disclosure (HIRD) form requirements. These requirements were part of the landmark Massachusetts health care reform law in 2006. Their repeal resulted from the upcoming implementation of the federal health care reform, the Affordable Care Act (ACA).