10 South Wacker Drive, Suite 3450 Chicago, Illinois 60606 [email protected] Atlanta |...
-
Upload
june-gilmore -
Category
Documents
-
view
214 -
download
0
Transcript of 10 South Wacker Drive, Suite 3450 Chicago, Illinois 60606 [email protected] Atlanta |...
10 South Wacker Drive, Suite 3450Chicago, Illinois 60606
Atlanta | Baltimore | Boston | Charlotte | Chicago | Cleveland | Columbia | Columbus | Dallas | Denver | Fort Lauderdale | Gulfport Houston | Irvine | Kansas City | Las Vegas | Los Angeles | Louisville | Memphis | New
England | New Jersey | New Orleans Orlando | Philadelphia | Phoenix | Portland | San Antonio | San Diego | San Francisco | Tampa | Washington, DC
EMPLOYER’S QUESTIONS
OVERVIEW
POTENTIAL LIABILITIES
Federal and State Agency Investigations
• EEOC – Equal Employment Opportunity Commission
• DOL – Department of Labor
Lawsuits
• Common Law Privacy Torts (Intrusion upon the seclusion of another)
• Statutory – Data Breach Notification, Privacy Protection Statutes
• National Labor Relations Act (“NLRA”)
• Injuries, negligence, etc.
• Class Actions
WHAT DATA IS PRIVATE?
What information is private?
• Personal Identifiers
• Personnel Records
• Health Information
• Communications
• Physical Location
• Trade Secrets
WHAT DATA IS PRIVATE?
Personally Identifiable Information (“PII”) Common Definition: Information that can be used to distinguish or trace an individual’s identity (such as their name, social security number, demographic records), alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual (such as date and place of birth, mother’s maiden name, etc.)
WHAT DATA IS PRIVATE?
Health InformationStatutes
• Health Insurance Portability and Accountability Act
• The Illinois Mental Health and Developmental Disabilities Confidentiality Act
Definitions
• Personal Health Information (“PHI”) is Health Information that identifies, or there is a reasonable basis to believe it can be used to identify, the individual.
• Health Information includes any information relating to the physical or mental health or condition of an individual, the health care provided to an individual, or payment for health care provided to an individual. PHI does not include employment records held by the employer in its role as employer.
WHAT DATA IS PRIVATE?
Conversations and Communications
NLRA & NLRB –Surveillance or Appearance Thereof• The NLRA protects the rights of employees to engage in protected concerted
activity free from unlawful surveillance by their employers.
• Does not matter if employees are represented by a union or seek to be.
• Employees communicating with each other to address a shared concern related to their employment, or trying to encourage concerted activity on a matter related to their employment, may be engaging in activity protected by the Act.
Illinois Eavesdropping Law• Felony
• Requires two –party consent: meaning so long as one party to a conversation has a reasonable expectation of privacy, can’t record
- Intrusion upon the Seclusion
WHAT DATA IS PRIVATE?
Location• Surveillance – NLRA
• GPS Monitoring
– California and Connecticut –GPS Location Monitoring unlawful with limited exceptions
• Intrusion upon Seclusion claims –
– Bathroom visits…
– Off duty
WHAT DATA IS PRIVATE?
Bodily Integrity• The chips use radio-frequency
identification (RFID) and are about the same size as a grain of rice.
Uses
• Security - Entry/Exit
• Transmitting health information
• Payment system – cafeteria, copies
• Location tracking
Statutes:CA, MO, ND, OK, UT, WI have laws prohibiting employers from requiring microchip or RFID implants.
WHAT DATA IS PRIVATE?
NOT TO MENTION
TRADE SECRETS(e.g., customer lists / info; pricing and cost; financial data;
R&D work; M&A plans; non-public product specs / prototypes)
NOT TO MENTION
TRADE SECRETS(e.g., customer lists / info; pricing and cost; financial data;
R&D work; M&A plans; non-public product specs / prototypes)
SECURITY
DATA PRIVACY AND SECURITY
DATA PRIVACY AND SECURITY
High Profile Data Breaches
• Sony – “The Interview”
Class Actions
• Four separate class action lawsuits filed against Sony from its employees from December 2014 to January 2015 alleging that Sony:
– Failed to protect employee’s confidential information in light of known risks
– Failed to inform employees of scope of data breach in a timely fashion
• Target’s Black Friday Theft
– 40 million customers victimized
– $61 million in 4Q expenses
DATA PRIVACY AND SECURITY
Statistics• 38% increase in incidents of loss,
theft and exposure of personally identifiable information over the past year. Source: IBM Analytics
• 55% of C-Suite Executives Surveyed Believe Malicious or Negligent Insider/Employees Are The Primary Cause of Data Breach.
WHY IS DATA SECURITY IMPORTANT?
State Breach Notification Laws
State laws vary in 6 areas:• Scope of Covered PII
• Trigger for Notification Obligation
• Recipients of Notice
• Content of Notice
• Timing of Notice
• Enforcement
Illinois Personal Information Protection Act
Illinois Personal Information Protection Act
Illinois Personal Information Protection Act. (815 ILCS 530/) • "Data Collector" may include, but is not limited to, government agencies,
public and private universities, privately and publicly held corporations, financial institutions, retail operators, and any other entity that, for any purpose, handles, collects, disseminates, or otherwise deals with nonpublic personal information.
• Additionally, any “data collector” that maintains, but does not own or license “personal information” is required to notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if it was, or is reasonably believed to have been acquired by an unauthorized person
Litigation and Investigations
Discovery Obligations
Litigation Overview
• Notice of Claim
• Filing of Lawsuit
• Discovery
• Trial
Discovery Requirements
• Identify potentially relevant information
• Preserve potentially relevant information
• Disclose potentially relevant information
Discovery Obligations
Identifying Discoverable Information
• Nature of the Claim
• Parties involved
• What data does your device/system capture?
– Is it useable?
– Is it reliable?
– Can is be preserved?
– Can it be translated?
Discovery Obligations
Preserving Discoverable Information
The Litigation Hold - Duty to Preserve Arises When:• an employer
• knows or should know
• that evidence
• in its “possession, custody or control” = having the legal right and/or ability to obtain evidence upon demand
• is relevant to pending, threatened or reasonably anticipated litigation.
Spoliation of Evidence
• Sanction from the Court for failing to preserve relevant evidence
• Adverse inference to dismissal/default judgment
www.laborlawyers.com
Thank You
Atlanta · Baltimore · Boston · Charlotte · Chicago · Cleveland · Columbia · Columbus · Dallas · Denver · Fort Lauderdale · Gulfport · Houston · Irvine · Kansas City · Las Vegas
Los Angeles · Louisville · Memphis · New Jersey · New Orleans · Orlando · Philadelphia · Phoenix · Portland · San Antonio · San Diego · San Francisco · Tampa · Washington, DC
Presented by:
Scott C. Fanning Peter J. Gillespie
Phone: (312) 580-7800 Phone: (312) 580-7802
Email: [email protected] Email: [email protected]