A group of Republican senators has proposed a new privacy law to govern the collection and use of certain personal information thought to be both important and at risk during the current coronavirus crisis.

While numerous companies and governments have developed and deployed apps and programs to track individuals and trace contacts between individuals in furtherance of the laudable goal of helping to better understand and address the pandemic, there have been concerns that such data could be collected without proper authorization and/or used for purposes outside of the scope for which the data is willingly provided.
Continue Reading Federal “COVID-19 Consumer Data Protection Act” Proposed

With the explosion of COVID-19 cases worldwide, companies and governments have expanded their interest in the use of the vast stores of consumer data. Even where such collection and use of personal data is ostensibly for the public good, the privacy rights and legal requirements applicable to such data must be considered carefully.[i]
Continue Reading Public Ends From Private Means: Privacy Rights and Benevolent Use of Personal Data

The outbreak of the novel coronavirus (COVID-19) presents challenging medical privacy issues for employers. Employers must observe their employees’ continued legal right to privacy—including under the Americans with Disabilities Act (ADA), HIPAA, and/or relevant state and local laws—while maintaining a safe and healthy workplace. Below are some privacy guidelines for employers to consider with respect to the coronavirus outbreak.
Continue Reading Coronavirus and Employee Privacy Laws: What Employers Should Know

Various state laws require data breach notification and different state laws have different triggers for when notification is required and who must be notified. In California, for example, a breached company must give notice to each affected California resident, but the California AG need be notified only if the breach affected 500 or more individuals in California. In New York, on the other hand, AG notification is required if any NY residents were affected by the breach.

While all such laws generally address notification of affected parties, the AG, credit reporting agencies, other holders of the data, and certain other constituents, they are not the only word in disclosure requirements.
Continue Reading Data Breach Disclosure Requirements Implicate More Than Privacy Law