Final CCPA Regulations Submitted For Approval By Attorney General

On June 1, 2020 the California Attorney General (AG) submitted the final text of the CCPA regulations to the California Office of Administrative Law (OAL) for approval.  The final regulations appear to be unchanged from the latest draft published on March 11, 2020.

To read the full text of this post by Duane Morris partner Michelle Donovan, Submitted please visit the TechLaw Blog.

Keeping Data Safe When Working Remotely: Top Tips

The coronavirus pandemic has had a severe impact on businesses right across the globe and with a third of the world now in lockdown, thousands of businesses have moved most of their workforce to remote working. Although working from home allows a business to continue operating, it brings significant security risks, placing a greater need to maintain compliance with relevant data security requirements.

Maintaining the security of company data is the responsibility of both the employer and employee and continuing to maintain appropriate security measures is critical at this time. To read the full text of this post by Duane Morris attorneys John M. Benjamin and Edward Pickard, which includes some key points for employees and businesses to keep data secure when working remotely, please visit the Duane Morris TechLaw Blog.

How to Heed Privacy Law in the Midst of a Pandemic

As countries grapple with the global threat of COVID-19, some are leveraging user location data and tracking apps to model potential contamination paths. China has tapped into its facial recognition tools to track the virus and has deployed drones that tell people to wear masks. Singapore has launched an app called TraceTogether which uses Bluetooth to determine who could be at risk of infection. And the United Kingdom is reportedly in talks with telecom providers on how to best use location data to stem the crisis.

But the coronavirus turning the world upside down does not mean companies can throw out the General Data Protection Regulation and the California Consumer Privacy Act, as well as other privacy protections. Here’s how law experts and companies can comply with existing legal standards and new norms set by the pandemic.

Sandra Jeskie, Duane Morris’ team lead for the technology, media and telecom industry group, said in an email that businesses under GDPR or CCPA still have to comply with the laws unless the information they are sharing is anonymized or de-identified.

To read more of Ms. Jeskie’s comments from thsi article, please visit the Duane Morris website.

Boston Fed Message on Pandemic Prevention Is Getting Through

Many employers wrestled this week with the pressing question about whether people should work with home. Boston Fed chief Eric Rosengren and Dr. Paul Biddinger, head of disaster medicine at Mass. General Hospital, have an answer: If they can, they should do so.

After huddling on Monday, Rosengren and Biddinger took the unprecedented step of circulating a column on Wednesday night directed at New England’s employers, about the responsibility they should take as COVID-19 spreads. The goal: to mitigate the virus and its economic impacts. Sacrifice normalcy now, they said, to avoid a much worse outcome down the line.

They encouraged companies to take tangible steps: work-from-home, business travel restrictions, no large meetings. […]

Gregory Bombard, a lawyer at Duane Morris, said employers need to be mindful of data security, as well as nondisclosure agreements to protect sensitive information. The parameters of what people are asked to do at home should be made clear. Perhaps most important, he said, decisions should be communicated in as open a manner as possible. […]

To read the full article, visit The Boston Globe website.

Employees Working from Home to Avoid Coronavirus? Protect Your Data

With the coronavirus threat having moved on from disrupting your business’s supply chain to threatening your employees’ health at home, now is the time to implement that company-wide remote workplace plan.

While there are a host of considerations in transitioning to a fully remote workplace—hardware, software, securing a connection, training employees, and maintaining productivity among them—perhaps the most pressing issue is protecting your company’s sensitive data.

[…]

Remote employees are more susceptible to hackers and allowing unauthorized access.

And while top management may have secure connections, company laptops, and adequate training, other employees may not. They may be working remotely for the first time, trying to get acclimated with a host of new protocols and be productive while working from home. Converting an entire workplace to remote work is certainly a challenge, said Gregory Bombard, a partner with the law firm Duane Morris.

Bombard offered several “speed bumps” for bad actors that could help prevent the theft or loss of company data by remote workers.

First, limit access to particularly sensitive information, he said, by increasing the permissions necessary to access it.

Then, “monitor employee accounts for unusual activity like large or rapid downloading, printing, or emailing of data. There is rarely a legitimate business purpose for large-scale transfers of data,” he said.

“Even adding a minor speed bump can help limit the risk,” Bombard said. “For example, implementing a system where employees have to get approval before using file sharing websites, downloading significant amounts of data, or accessing particularly sensitive information.”

Lastly—and this might be difficult in a rapid scale-up of a remote workplace—make sure all employees have appropriate non-disclosure agreements in place and receive training on the proper handling of confidential information. Employees should be regularly reminded of the company’s policies for protecting its data and the consequences for failing to do so.

[…]

To read the full article, visit the Compliance Week website.