On the heels of rolling executive orders from Governors across the country granting civil immunity to healthcare organizations and workers during the COVID-19 crisis, States are now moving to protect businesses as well.
As of June 19, 2020, Louisiana, North Carolina, Oklahoma, Utah, and Wyoming have enacted laws that grant businesses immunity from civil lawsuits related to the coronavirus. Businesses that remained open during the crisis and those now beginning to reopen welcome the immunity protections. Worker and consumer advocates decry the legislative developments, calling them an unfair limitation on legal recourse.
You can read the rest of my blog here. Congressional action to give businesses federal immunity for COVID-19 claims is currently under debate. More states also continue to grant state-level protections.
Last week, California’s Secretary of State announced that the California Privacy Rights Act (CPRA) that will be on November 2020 ballot. The Californian’s for Consumer Privacy which brought forth the groundbreaking California Consumer Privacy Act (CCPA) that is now the law of the land, wants to push protections farther.
The group tells Californians that the CPRA “will give you the power to take back control over your personal information, expand consumer rights, create more transparency and establish an enforcement arm to protect these rights.” With ACLU polls showing 90% of California voters want more privacy protections, the state is once again poised to lead the nation in privacy law advances.
(1) prevent businesses from sharing personal information; (2) correct inaccurate personal information; and (3) limit businesses’ use of “sensitive personal information”—such as precise geolocation; race; ethnicity; religion; genetic data; union membership; private communications; and certain sexual orientation, health, and biometric information.
Changes criteria for which businesses must comply with these laws.
Prohibits businesses’ retention of personal information for longer than reasonably necessary.
Triples maximum penalties for violations concerning consumers under age 16.
Establishes California Privacy Protection Agency to enforce and implement consumer privacy laws, and impose administrative fines.
Requires adoption of substantive regulations.”
The Legislative Analyst and Director of Finance assessment indicates:
“Increased annual state costs of roughly $10 million for a new state agency to monitor compliance and enforcement of consumer privacy laws.
Increased state costs, potentially reaching the low millions of dollars annually, from increased workload to DOJ and the state courts, some or all of which would be offset by penalty revenues.
Unknown impact on state and local tax revenues due to economic effects resulting from new requirements on businesses to protect consumer information. (19-0021A1.)”
(bullets added for readability)
My recent overview of the CCPA — before any changes from a successful ballot measure — can be found here.
I recently wrote an article on the dismissal of a COVID-19 lawsuit that could have far reaching effects on future workplace safety cases. A U.S. district court judge in Missouri ruled that federal agencies — not courts — are in the best position to determine if companies are complying with COVID-19 worker safety standards.
A U.S. district judge in Missouri recently dismissed a worker’s protection lawsuit filed by the Rural Community Workers Alliance. The suit alleged that Smithfield Foods, Inc, the world’s largest pork producer, failed to provide adequate workplace safety in its Milan, Missouri plant. In his opinion, Judge Greg Kays signaled that federal agencies are better suited to determine whether Smithfield’s meatpacking facility complies with relevant federal standards on health protections for workers during the COVID-19 crisis.
The business of law is changing. All corners of law firms are adapting to respond to outside counsel guidelines, growth strategies and mobile lawyer demands. Check out some of my recent Guest Blogs to learn more about these emerging challenges and how firms can overcome them with business acceptance and timekeeping technology advances.
“What has been interesting for us has been to see the gradual change amongst marketers who are only now starting to recognize the need to shift away from campaign-based thinking to a more comprehensive mindset for content and customer engagement,” says Jamie Posnanski of Accenture. Read more on 2018 content marketing trends here .
Is your marketing strategy evolving towards content and customer engagement?
Digital transformation: Some organizations see it as a scary idea, wreaking revolutionary, unsettling changes. Others are curious — just what does this buzzword mean and what are we transforming into? Regardless of your viewpoint, your enterprise seriously needs to understand and chart its course to becoming a digital ninja. Like it or not, your success depends on how quickly your organization captures, absorbs and uses digital information. Read more
In a Monday Wall Street Journal op-ed Thomas P. Bossert, Trump’s homeland security adviser, declared “[t]he [WannaCry] attack was widespread and cost billions, and North Korea is directly responsible.” The findings are based on evidence says Bossert, and he is backed up by UK and Microsoft.
A Washington Post Bossert quote ratchets up the call for closer government-industry cyberdefenses. “[S]ome say that defending cyberspace is impossible and that hackers are inevitable. I disagree. . . . Government and industry must work together, now more than ever, if we are serious.”
Today, US and UK officials suggested it was highly likely the Lazarus Group was backed by the North Korean government. Facebook deleted accounts associated with Lazarus last week “to make it harder for them to conduct their activities,” reports The Guardian, Facebook announced it acted with Microsoft “and other members of the security community” to disrupt the group’s activities.
A few hours ago Axious reports that the Department of Homeland Security (DHS) plans on intervening in U.S. company cybersecurity issues when necessary.
“The Department of Homeland Security is now calling on all companies to commit to U.S. collective defense, per Jeanette Manfra, assistant secretary for the Office of Cybersecurity and Communications at DHS. But Bossert wouldn’t go so far as to say that an attack on a U.S. company constitutes an attack on the country.
DHS plans to move beyond offering voluntary assistance on cybersecurity issues and instead plans on intervening directly when necessary, per Manfra.”
A significant battle between Microsoft and law enforcement has made its way to the US Supreme Court. The DC Court of Appeals struck down lower courts’ decisions that Microsoft must give US law enforcement client emails stored in Ireland in a drug trafficking case. The upcoming Supreme Court ruling on this case will have far-reaching impact in our digital economy where data crisscrosses the global internet, coming to rest on a server in a particular country.
How far do US laws extend to data stored in foreign countries?
If Microsoft is forced to hand over the emails from their Ireland data center, how will EU data protection authorities react? Especially, given that the General Data Protection Regulations, an overhaul of EU data privacy laws, massive financial penalties for non-compliance take effect in May 2018.
If Microsoft does not have to hand over the emails, will criminals hide their communications and data overseas so US law enforcement cannot access it?
Be sure to follow this case and watch for the Supreme Court ruling.
Data protection is everybody’s job today. With the perfect storm of a doubling of data every two years, juicy dark web profits for stolen personal info and crushing data breach business impacts, organizations simply have to build data protection values into the company’s culture. Read this blog for practical tips on how to do this in your organization.
It’s the first of it’s kind, but surely not the last. The groundbreaking New York Department of Financial Services cybersecurity regulation takes effect today, August 28, 2017. All financial services organizations operating in New York must be in compliance, along with their law firms and accountants. This regulation is likely the forerunner of more state cybersecurity regulations, especially after the summer of WannaCry and Not Petya. Learn more about the regulation in a blog I wrote, published by the information governance leader Iron Mountain.