10 South Wacker Drive, Suite 3450Chicago, Illinois 60606

sfanning@laborlawyers.com

Atlanta | Baltimore | Boston | Charlotte | Chicago | Cleveland | Columbia | Columbus | Dallas | Denver | Fort Lauderdale | Gulfport Houston | Irvine | Kansas City | Las Vegas | Los Angeles | Louisville | Memphis | New

England | New Jersey | New Orleans Orlando | Philadelphia | Phoenix | Portland | San Antonio | San Diego | San Francisco | Tampa | Washington, DC

EMPLOYER’S QUESTIONS

OVERVIEW

POTENTIAL LIABILITIES

Federal and State Agency Investigations

• EEOC – Equal Employment Opportunity Commission

• DOL – Department of Labor

Lawsuits

• Common Law Privacy Torts (Intrusion upon the seclusion of another)

• Statutory – Data Breach Notification, Privacy Protection Statutes

• National Labor Relations Act (“NLRA”)

• Injuries, negligence, etc.

• Class Actions

WHAT DATA IS PRIVATE?

What information is private?

• Personal Identifiers

• Personnel Records

• Health Information

• Communications

• Physical Location

• Trade Secrets

WHAT DATA IS PRIVATE?

Personally Identifiable Information (“PII”) Common Definition: Information that can be used to distinguish or trace an individual’s identity (such as their name, social security number, demographic records), alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual (such as date and place of birth, mother’s maiden name, etc.)

WHAT DATA IS PRIVATE?

Health InformationStatutes

• Health Insurance Portability and Accountability Act

• The Illinois Mental Health and Developmental Disabilities Confidentiality Act

Definitions

• Personal Health Information (“PHI”) is Health Information that identifies, or there is a reasonable basis to believe it can be used to identify, the individual.

• Health Information includes any information relating to the physical or mental health or condition of an individual, the health care provided to an individual, or payment for health care provided to an individual. PHI does not include employment records held by the employer in its role as employer.

WHAT DATA IS PRIVATE?

Conversations and Communications

NLRA & NLRB –Surveillance or Appearance Thereof• The NLRA protects the rights of employees to engage in protected concerted

activity free from unlawful surveillance by their employers.

• Does not matter if employees are represented by a union or seek to be.

• Employees communicating with each other to address a shared concern related to their employment, or trying to encourage concerted activity on a matter related to their employment, may be engaging in activity protected by the Act.

Illinois Eavesdropping Law• Felony

• Requires two –party consent: meaning so long as one party to a conversation has a reasonable expectation of privacy, can’t record

- Intrusion upon the Seclusion

WHAT DATA IS PRIVATE?

Location• Surveillance – NLRA

• GPS Monitoring

– California and Connecticut –GPS Location Monitoring unlawful with limited exceptions

• Intrusion upon Seclusion claims –

– Bathroom visits…

– Off duty

WHAT DATA IS PRIVATE?

Bodily Integrity• The chips use radio-frequency

identification (RFID) and are about the same size as a grain of rice.

Uses

• Security - Entry/Exit

• Transmitting health information

• Payment system – cafeteria, copies

• Location tracking

Statutes:CA, MO, ND, OK, UT, WI have laws prohibiting employers from requiring microchip or RFID implants.

WHAT DATA IS PRIVATE?

NOT TO MENTION

TRADE SECRETS(e.g., customer lists / info; pricing and cost; financial data;

R&D work; M&A plans; non-public product specs / prototypes)

NOT TO MENTION

TRADE SECRETS(e.g., customer lists / info; pricing and cost; financial data;

R&D work; M&A plans; non-public product specs / prototypes)

SECURITY

DATA PRIVACY AND SECURITY

DATA PRIVACY AND SECURITY

High Profile Data Breaches

• Sony – “The Interview”

Class Actions

• Four separate class action lawsuits filed against Sony from its employees from December 2014 to January 2015 alleging that Sony:

– Failed to protect employee’s confidential information in light of known risks

– Failed to inform employees of scope of data breach in a timely fashion

• Target’s Black Friday Theft

– 40 million customers victimized

– $61 million in 4Q expenses

DATA PRIVACY AND SECURITY

Statistics• 38% increase in incidents of loss,

theft and exposure of personally identifiable information over the past year. Source: IBM Analytics

• 55% of C-Suite Executives Surveyed Believe Malicious or Negligent Insider/Employees Are The Primary Cause of Data Breach.

WHY IS DATA SECURITY IMPORTANT?

State Breach Notification Laws

State laws vary in 6 areas:• Scope of Covered PII

• Trigger for Notification Obligation

• Recipients of Notice

• Content of Notice

• Timing of Notice

• Enforcement

Illinois Personal Information Protection Act

Illinois Personal Information Protection Act

Illinois Personal Information Protection Act. (815 ILCS 530/) • "Data Collector" may include, but is not limited to, government agencies,

public and private universities, privately and publicly held corporations, financial institutions, retail operators, and any other entity that, for any purpose, handles, collects, disseminates, or otherwise deals with nonpublic personal information.

• Additionally, any “data collector” that maintains, but does not own or license “personal information” is required to notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if it was, or is reasonably believed to have been acquired by an unauthorized person

Litigation and Investigations

Discovery Obligations

Litigation Overview

• Notice of Claim

• Filing of Lawsuit

• Discovery

• Trial

Discovery Requirements

• Identify potentially relevant information

• Preserve potentially relevant information

• Disclose potentially relevant information

Discovery Obligations

Identifying Discoverable Information

• Nature of the Claim

• Parties involved

• What data does your device/system capture?

– Is it useable?

– Is it reliable?

– Can is be preserved?

– Can it be translated?

Discovery Obligations

Preserving Discoverable Information

The Litigation Hold - Duty to Preserve Arises When:• an employer

• knows or should know

• that evidence

• in its “possession, custody or control” = having the legal right and/or ability to obtain evidence upon demand

• is relevant to pending, threatened or reasonably anticipated litigation.

Spoliation of Evidence

• Sanction from the Court for failing to preserve relevant evidence

• Adverse inference to dismissal/default judgment

www.laborlawyers.com

Thank You

Atlanta · Baltimore · Boston · Charlotte · Chicago · Cleveland · Columbia · Columbus · Dallas · Denver · Fort Lauderdale · Gulfport · Houston · Irvine · Kansas City · Las Vegas

Los Angeles · Louisville · Memphis · New Jersey · New Orleans · Orlando · Philadelphia · Phoenix · Portland · San Antonio · San Diego · San Francisco · Tampa · Washington, DC

Presented by:

Scott C. Fanning Peter J. Gillespie

Phone: (312) 580-7800 Phone: (312) 580-7802

Email: sfanning@laborlawyers.com Email: pgillespie@laborlawyers.com