Judge Shannon Frison, sitting in the Middlesex County Superior Court in Massachusetts, recently issued a ruling that highlights for employers the importance of providing complete and timely responses to requests for employee personnel files. Judge Frison’s ruling arose in the context of an employer’s motion to dismiss or compel arbitration in accordance with the terms of an arbitration agreement that the employer had failed to produce in response to a request for the employee’s personnel file.
On June 4, 2021, the European Commission adopted two new sets of standard contractual clauses (SCCs): one for data transfers from data controllers to data processors and one for data transfers from data exporters to data importers in the United States and other third countries. These new clauses update and replace the SCCs adopted in 2001, 2004, and 2010 that many employers currently use to legally transfer human resources (HR) data for employees based in the European Union (EU).
Virginia has joined California as the second state to enact a comprehensive data privacy law. On March 2, 2021, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law. The VCDPA does not go into effect until January 1, 2023, but the broad privacy mandate will have an immediate impact on compliance efforts for many Virginia businesses.
As the news reports show, the sudden shift to employees working from home poses new cybersecurity risks for businesses and the employees who work remotely.
It’s time for employers to start preparing for legislation recently signed into law in Illinois, the Artificial Intelligence Video Interview Act. The new law, which takes effect on January 1, 2020, regulates Illinois employers’ use of artificial intelligence (AI) in the interview and hiring process.
The European Data Protection Board (EDPB) and EU supervisory authorities have reported that they have received a large number of complaints during the first six months following the effective date of the GDPR. For example, the EDPB reported that it had received more than 42,000 complaints since May 25, 2018. The French Supervisory Authority (CNIL) reported a 20 percent increase in complaints filed during the first six months the GDPR was effective compared to the same period in 2017. Similarly, the Irish Supervisory Authority reported a 50 percent increase in data breach reports and a 65 percent increase in data protection complaints over the same period. The Irish Data Protection Commissioner also stated that several investigations of multijurisdictional complaints against large companies are being completed and that she expects major GDPR fines to be issued in 2019.
Article 35 of the GDPR provides that a data protection impact assessment (DPIA) must be performed for data processing that “is likely to result in a high risk to the rights and freedoms of natural persons.” DPIAs must contain (1) a description of the processing operation along with the purpose of the processing and, where applicable, the legitimate interest for the processing; (2) an assessment of the necessity and proportionality of the processing operation in relation to the purpose; (3) an assessment of the risks to the rights and freedoms of the data subjects; and (4) the measures to be taken to mitigate the risks.
Although the GDPR was intended to provide a uniform set of data protection requirements across the EU, the GDPR contains several provisions, known as “opening clauses,” that expressly permit individual EU countries to implement additional and/or stricter requirements for certain types of data that employers typically process.
Much has happened since the European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Many EU countries have enacted national legislation to implement and expand the requirements of the GDPR, while other developments have directly affected employers and created new obligations regarding the collection and processing of human resources (HR) data.
On April 19, 2018, the Article 29 Working Party (Working Party), which is comprised of representatives from the data protection authorities in each of the 28 European Union (EU) member states, issued a position paper stating that all employers of EU employees are required to prepare and maintain records of processing activities relating to human resources data pursuant to Article 30 of the General Data Protection Regulation (GDPR).
On March 27, 2018, Helen Dixon, the data protection commissioner for Ireland, outlined the enforcement priorities of the Irish data protection authority (DPA) for the General Data Protection Regulation (GDPR) during the International Association of Privacy Professionals Global Privacy Summit in Washington, D.C. The Irish DPA has been ramping up its compliance capabilities for the GDPR and will undoubtedly serve as the lead DPA for GDPR enforcement for numerous U.S. companies that are headquartered or have locations in Ireland.
Employers beware: Companies are experiencing a wave of phishing scams that target employee paychecks.
With less than six months until the May 25, 2018, effective date for the European Union (EU) General Data Protection Regulation (GDPR), companies are assessing their GDPR readiness and concentrating their compliance efforts on the highest risk areas. What is the highest risk area for GDPR compliance?
The July 1, 2018, implementation date for the amendments to the Massachusetts Equal Pay Act (MEPA) is less than a year away. The amendments approved in 2016 will bring about substantial changes to the definition of “comparable work,” employer defenses, statutes of limitations, and prohibited employer practices, such as salary history inquiries.
Every January 31, employers scramble to meet the deadline for mailing W-2 forms to their employees. This year, a new iteration of an old W-2 phishing scam surfaced immediately thereafter. In the 2017 version, scammers posing as a company’s CEO or other high-level executive target human resources (HR) and payroll professionals with email messages requesting certain W-2s or all of a company’s W-2s.
Employers know all too well that employees sometimes help themselves to documents the employer would like to keep confidential. This is precisely why many employers require employees to sign confidentiality agreements and often impose discipline, including termination, for taking confidential documents. But what if an employee who has filed a discrimination suit against his or her employer takes confidential documents to assist in the case?
This morning, Anthem Blue Cross and Blue Shield, one of the largest health insurers in the country, notified its policyholders, members, and business partners that it was recently the target of an external cyber attack that appears to have comprised the confidentiality of medical and other personal information maintained on…..
In last week’s State of the Union address, President Barack Obama continued his ongoing push for nationwide privacy legislation to “better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information.” Recognizing the real threats posed by inadequate remedies for cybersecurity breaches, the president noted that…..
On October 14, 2014, the Supreme Court of the United States refused to consider a challenge to the Illinois Employee Classification Act, which classifies workers in the construction industry as employees unless they can meet the detailed requirements of the statute for independent contractor status. The Supreme Court denied the…..
Governor Deval Patrick recently approved the Commonwealth’s 2014 fiscal year budget, which includes provisions repealing both the Fair Share Contribution (FSC) and the Health Insurance Responsibility Disclosure (HIRD) form requirements. These requirements were part of the landmark Massachusetts health care reform law in 2006. Their repeal resulted from the upcoming implementation of the federal health care reform, the Affordable Care Act (ACA).