Class action litigation brought under the Fair Credit Reporting Act (FCRA) is on the rise—particularly in California—after the US Court of Appeals for the Ninth Circuit issued a 2017 decision applying a hypertechnical approach to the FCRA’s disclosure requirements. Background checks are an integral part of the hiring process, but they open employers up to lawsuits for noncompliance with disclosure or adverse action requirements. Plaintiffs’ firms are turning their attention to these cases because of the potential for statutory and actual damages, punitive damages, costs and attorneys’ fees. Please join us for a complimentary webinar Thursday, July 30 as we discuss strategies to help employers avoid and defend these claims. Learn more and register.
Worker Safety, Privacy Clash as Temperature Checks Become Norm
Employers are poised to collect health data from their workforces daily as they adopt temperature checks and other screening protocols to fight the coronavirus, triggering concerns about workers’ privacy and whether the practices will continue beyond the pandemic. “The temperature checks give employees and customers the feeling of safety and the idea that the company is doing everything possible, even if the screenings don’t protect the workplace,” said Michael Sheehan, a partner with McDermott Will & Emery, in a recent Bloomberg Law article. Access the full article.
COVID-19: FAQs on Employees Experiencing Symptoms and Employee Absences
With rapid developments in local, state and federal guidance and law, the appropriate approach for each employer in relation to COVID-19 will vary depending on the nature of their work, the industries served and their location and size, among other considerations. This article outlines what employers need to know about employees experiencing symptoms and employee absences. Access the full article.
Five Reasons Why Telehealth Is Here to Stay (COVID-19 And Beyond)
Telehealth is no longer just a nice-to-have, but instead a must-have for patients and healthcare professionals alike during the COVID-19 pandemic. Lisa Mazur, partner at McDermott Will & Emery specializing in the digital healthcare space, is quoted in a recent Forbes article about why telehealth is here to stay: “Telehealth was already experiencing significant momentum and growth prior to this public health emergency, and its continued trajectory has been solidified by the vital role it is playing in care delivery today.” Access the full article.
The Rise of Facial Recognition Technology: Mapping the Legal Framework
In January 2020, the Supreme Court decided it would not hear the issue of whether Facebook broke the law in Illinois when it instituted a photo-tagging feature that homed in on users’ faces and tagged them without their consent, and Facebook has now settled with the users for $550 million. The Illinois law is part of a patchwork of laws applicable to facial recognition technology (FRT). McDermott’s Ashley Winton contributes to the second installment of a three-part article series on FRT. This article examines the applicable legal framework and regulatory guidance, including intellectual property rights, general privacy legislation, specific state biometric data laws and more. Access the full article. Originally published on Cybersecurity Law Report, February 2020
HIPAA Boss Sees ‘Low-Hanging Fruit’ Ripe For Enforcement
Healthcare providers and insurers are still making tons of rookie mistakes on patient privacy, turning themselves into easy enforcement targets, according to Roger Severino, director of the US Department of Health and Human Services. Severino made headlines in 2017 for expressing interest in punishing a "big, juicy, egregious" privacy breach, and seemingly followed through with a $16 million settlement stemming from Anthem Inc.'s megabreach involving 79 million patients. But an emphasis on smaller violations makes sense in light of the OCR's recent acknowledgement of limits on its penalty powers, said Edward G. Zacharias, a McDermott partner. Access the full article. Originally posted on Law360, February 2020
4 Ways to Manage Retirement Plan Data in New Era of Cybersecurity
IBM estimated last year that data breaches cost companies $148 per stolen record. Given that, not surprisingly, many employers have grown increasingly concerned about the potential impact of such breaches, including breaches that may affect employer-sponsored benefit plans. Courts have not yet formally addressed whether ERISA requires benefit plan fiduciaries to manage cybersecurity risks. However, a federal district court recently rejected a motion to dismiss filed by defendants seeking to avoid liability for fraudulent distributions from a plan caused by cyber criminals. There, the court held that the defendants were plan fiduciaries and that the plaintiffs had pled facts sufficient to allege that the defendants breached their fiduciary duties. Although this decision only relates to a motion to dismiss, the case underscores the potential for plaintiffs to assert, even in the absence of clear guidance, that plan fiduciaries are not doing enough to protect...
2018 Digital Health Data Developments – Navigating Change in 2019
Data privacy and security legislation and enforcement saw significant activity in 2018 and early 2019. McDermott’s 2018 Digital Health Year in Review: Focus on Data report – the first in a four-part series – highlights notable developments and guidance that health care providers, digital health companies and other health care industry stakeholders should navigate in 2019. Here, we summarize four key issues that stakeholders should watch in the coming year. For more in-depth discussion of these and other notable issues, access the full report. EU General Data Protection Regulation (GDPR) enhances protections for certain personal data on an international scale. US-based digital health providers and vendors that either (a) offer health care or other services or monitor the behavior of individuals residing in the EU, or (b) process personal data on behalf of entities conducting such activities should be mindful of the GDPR’s potential applicability to their...
GDPR 6 Months After Implementation: Where are We Now?
The General Data Protection Regulation (GDPR) was the biggest story of 2018 in the field of global privacy and data protection. The GDPR became enforceable in European Union Member States on May 25, 2018, significantly expanding the territorial reach of EU data protection law and introducing numerous changes that affected the way organizations globally process the personal data of their EU customers, employees and suppliers. These important changes required action by companies and institutions around the world. Almost six months after the GDPR’s effective date, organizations are still working on compliance—and will be for years to come.
Critical provisions
The GDPR applies to organizations inside and outside the EU. Organizations “established” inside the EU, essentially meaning a business or unit located in the EU, must comply with the GDPR if they process personal data in the context of that establishment. The GDPR also applies to organizations outside...
7 Tips to Avoid Compliance Missteps During Open Enrollment
One of the busiest times of year for an employee benefits professional is open enrollment. It is a crucial and yet stressful time of year that typically results in numerous employee questions and complaints and is a time of year with high potential for both employer and employee mistakes. Despite the stress and potential for problems, open enrollment provides an opportunity for a company to set itself up for success for the following year. The Employee Retirement Income Security Act (ERISA) does not require an annual opportunity for employees to change benefit plan elections. However, because of compliance issues that can spring from not offering a regular enrollment period, most companies choose to offer an “open enrollment” period, usually taking place in mid- to late fall for calendar-year health and welfare benefit plans. Employee attention to employer communications during this period is often high, and attention to detail in participant communications...