Final CCPA Regulations Submitted For Approval By Attorney General

On June 1, 2020 the California Attorney General (AG) submitted the final text of the CCPA regulations to the California Office of Administrative Law (OAL) for approval.  The final regulations appear to be unchanged from the latest draft published on March 11, 2020.

To read the full text of this post by Duane Morris partner Michelle Donovan, Submitted please visit the TechLaw Blog.

Personal Data Protection During the COVID-19 Health Emergency in Mexico

As a consequence of the COVID-19 health emergency declared by the Mexican government on March 30, many companies in the Mexican market have needed to collect information from their employees as a precaution against the spread of the coronavirus.

In Mexico, the Law on the Protection of Personal Data in the Possession of Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares) regulates the right to informational self-determination. The law provides that data that may reveal information relating to the health of individuals be deemed as “Sensitive Personal Data.”

To read the full text of this Duane Morris Alert, please visit the firm website.

How to Heed Privacy Law in the Midst of a Pandemic

As countries grapple with the global threat of COVID-19, some are leveraging user location data and tracking apps to model potential contamination paths. China has tapped into its facial recognition tools to track the virus and has deployed drones that tell people to wear masks. Singapore has launched an app called TraceTogether which uses Bluetooth to determine who could be at risk of infection. And the United Kingdom is reportedly in talks with telecom providers on how to best use location data to stem the crisis.

But the coronavirus turning the world upside down does not mean companies can throw out the General Data Protection Regulation and the California Consumer Privacy Act, as well as other privacy protections. Here’s how law experts and companies can comply with existing legal standards and new norms set by the pandemic.

Sandra Jeskie, Duane Morris’ team lead for the technology, media and telecom industry group, said in an email that businesses under GDPR or CCPA still have to comply with the laws unless the information they are sharing is anonymized or de-identified.

To read more of Ms. Jeskie’s comments from thsi article, please visit the Duane Morris website.

Boston Fed Message on Pandemic Prevention Is Getting Through

Many employers wrestled this week with the pressing question about whether people should work with home. Boston Fed chief Eric Rosengren and Dr. Paul Biddinger, head of disaster medicine at Mass. General Hospital, have an answer: If they can, they should do so.

After huddling on Monday, Rosengren and Biddinger took the unprecedented step of circulating a column on Wednesday night directed at New England’s employers, about the responsibility they should take as COVID-19 spreads. The goal: to mitigate the virus and its economic impacts. Sacrifice normalcy now, they said, to avoid a much worse outcome down the line.

They encouraged companies to take tangible steps: work-from-home, business travel restrictions, no large meetings. […]

Gregory Bombard, a lawyer at Duane Morris, said employers need to be mindful of data security, as well as nondisclosure agreements to protect sensitive information. The parameters of what people are asked to do at home should be made clear. Perhaps most important, he said, decisions should be communicated in as open a manner as possible. […]

To read the full article, visit The Boston Globe website.

Employees Working from Home to Avoid Coronavirus? Protect Your Data

With the coronavirus threat having moved on from disrupting your business’s supply chain to threatening your employees’ health at home, now is the time to implement that company-wide remote workplace plan.

While there are a host of considerations in transitioning to a fully remote workplace—hardware, software, securing a connection, training employees, and maintaining productivity among them—perhaps the most pressing issue is protecting your company’s sensitive data.


Remote employees are more susceptible to hackers and allowing unauthorized access.

And while top management may have secure connections, company laptops, and adequate training, other employees may not. They may be working remotely for the first time, trying to get acclimated with a host of new protocols and be productive while working from home. Converting an entire workplace to remote work is certainly a challenge, said Gregory Bombard, a partner with the law firm Duane Morris.

Bombard offered several “speed bumps” for bad actors that could help prevent the theft or loss of company data by remote workers.

First, limit access to particularly sensitive information, he said, by increasing the permissions necessary to access it.

Then, “monitor employee accounts for unusual activity like large or rapid downloading, printing, or emailing of data. There is rarely a legitimate business purpose for large-scale transfers of data,” he said.

“Even adding a minor speed bump can help limit the risk,” Bombard said. “For example, implementing a system where employees have to get approval before using file sharing websites, downloading significant amounts of data, or accessing particularly sensitive information.”

Lastly—and this might be difficult in a rapid scale-up of a remote workplace—make sure all employees have appropriate non-disclosure agreements in place and receive training on the proper handling of confidential information. Employees should be regularly reminded of the company’s policies for protecting its data and the consequences for failing to do so.


To read the full article, visit the Compliance Week website.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress