The Matrix

COVID-19 Operations: How to Keep Vaccine-Related Data Safe

Posted by

Post authored by Mahja D. Zeon, an Associate in Honigman's Detroit office and Lauren Legner, a 2021 Summer Associate in the firm's Detroit office.

Employers have a right, and in some industries, even a requirement, to implement vaccine-related policies to promote workplace safety, but they must be mindful of the privacy implications.  There are several competing concerns to weigh when deciding whether to implement vaccine-related policies. On the one hand, data regarding employee vaccination status may play an essential role in keeping the workplace safe from COVID-19 outbreaks. On the other hand, collecting and using such data implicates individual privacy and data security concerns. Should an employer choose to collect vaccine-related data, it must take the appropriate steps to keep this information safe. Here are three ways employers can implement vaccine-related, data-safe policies: More

Colorado Passes Comprehensive Consumer Privacy Law

Posted by

On the heels of Virginia’s Consumer Data Protection Act, Colorado recently passed its own comprehensive consumer privacy law. On July 8, 2021, Colorado Governor Jared Polis signed the Colorado Privacy Act (“CPA”). The CPA takes effect on July 1, 2023. More

Understanding National Security Implications of Sensitive Data

Posted by

Business transactions, management changes or investments involving non-U.S. companies or individuals receiving control or information rights to U.S. companies are subject to review by the U.S. government for national security purposes. There is a particular concern if any sensitive individual or government data is held by the U.S. company.  U.S. companies holding sensitive data should consider whether their business may be subject to CFIUS review prior to entering any investment or engaging in M&A activities.   More

The Death of the Date of Birth

Posted by

Michigan state courts have new privacy protections in court rules that become effective July 1, 2021 (links to the implementing orders are included below) after implementation was previously delayed.  Under revised Michigan Court Rule (“MCR”) 1.109 and 8.119, parties are no longer able to file papers – including pleadings, motions, and briefs – or attachments containing specified types of personally identifying information (PII) such as date of birth, financial account numbers, driver’s license numbers, state-issued personal identification card numbers, or passport numbers.  The existing prohibition on filing more than the last four digits of a social security number remains in force.  The revised MCR 1.109 calls for parties and their attorneys to redact any PII and to prepare a separate form listing the un-redacted information and reference codes to be used in the public document.  That separate form is considered a nonpublic document and is available only to the court, the parties, and other specified persons.  Anyone obtaining a copy of a publicly filed document will receive only the redacted copy and not the separate form. More

How the IWCA Impacts BIPA Claims

Posted by

The Illinois Biometric Information Privacy Act (BIPA) is a law concerning the protection of biometric data. The BIPA requires companies collecting biometric information to establish a policy and obtain a written release from its employees prior to collecting and using this information. The BIPA is the only statute of its kind with a private right of action. Under the BIPA, individuals may sue for violations and recover monetary damages.  More

European Commission Adopts New Standard Contractual Clauses for Data Transfers from the EU

Posted by

Today, the European Commission (“EC”) adopted new standard contractual clauses (“SCCs”) reflecting new requirements under the European Union’s General Data Protection Regulation (“GDPR”).  The SCCs are intended to provide standardized templates for companies to utilize to comply with the GDPR’s data protection requirements.  More

Cyber Insurance 101

Posted by

As cybersecurity incidents increase in frequency and scope, cyber insurance policies are an important tool for companies to mitigate loss from such incidents.  Recent surveys of small and medium businesses reveal, however, that many respondents do not carry cyber insurance.[1] And for those that do, the cost of such coverage is rising.  For companies considering purchasing or renewing a cyber policy in light of new or increasing risk, this article provides a brief primer on the types of coverages that cyber policies offer, potential add-ons to coverage, common conditions and exclusions, and other cyber insurance-related questions.  More

NYDFS Provides Best Practices for Third-Party Risk Management

Posted by

In late 2020, a sophisticated adversary used the SolarWinds Orion Platform to plant covert backdoors in the networks of thousands of companies and government agencies.  The attack confirms the importance of vigorous third-party risk management.  Last month, the New York State Department of Financial Services (“NYDFS”) issued a report on the SolarWinds attack and provided the following steps that companies can take to reduce supply chain risk:   More

Recent State Biometric Privacy Bills Put Spotlight On Federal Regulation

Posted by

New York And Maryland Propose BIPA-Like Biometric Privacy Bills
New York Assembly Bill 27—introduced on January 6, 2021—seeks to amend the New York general business law in relation to biometric privacy.  Similarly, Maryland House Bill 218—introduced on January 13, 2021—proposes biometric privacy regulations on private entities in Maryland. More

U.S. Supreme Court Curtails FTC’s Authority to Obtain Restitution and Disgorgement

Posted by

Yesterday, the U.S. Supreme Court, in AMG Capital Management, LLC v. FTC, sharply curtailed the ability of the Federal Trade Commission to obtain restitution and disgorgement in enforcement actions. In a 9-0 decision, the court found that Section 13(b) of the FTC Act, which authorizes the FTC to seek permanent injunctions in federal court, did not also authorize the Commission to obtain court-ordered monetary relief.  More

Jump to Page