COVID-19: 5 States Grant Businesses Immunity from Liability for COVID-19 Claims

On the heels of rolling executive orders from Governors across the country granting civil immunity to healthcare organizations and workers during the COVID-19 crisis, States are now moving to protect businesses as well.

As of June 19, 2020, Louisiana, North Carolina, Oklahoma, Utah, and Wyoming have enacted laws that grant businesses immunity from civil lawsuits related to the coronavirus.  Businesses that remained open during the crisis and those now beginning to reopen welcome the immunity protections.  Worker and consumer advocates decry the legislative developments, calling them an unfair limitation on legal recourse.

You can read the rest of my blog here. Congressional action to give businesses federal immunity for COVID-19 claims is currently under debate. More states also continue to grant state-level protections.

Californians to Vote on Privacy Law Tweaks and Expansion in November 2020

Last week, California’s Secretary of State announced that the California Privacy Rights Act (CPRA) that will be on November 2020 ballot. The Californian’s for Consumer Privacy which brought forth the groundbreaking California Consumer Privacy Act (CCPA) that is now the law of the land, wants to push protections farther.

The group tells Californians that the CPRA “will give you the power to take back control over your personal information, expand consumer rights, create more transparency and establish an enforcement arm to protect these rights.” With ACLU polls showing 90% of California voters want more privacy protections, the state is once again poised to lead the nation in privacy law advances.

The CA Secretary of State summarizes the proposed CPRA as follows:

AMENDS CONSUMER PRIVACY LAWS. INITIATIVE STATUTE

  • (1) prevent businesses from sharing personal information; (2) correct inaccurate personal information; and (3) limit businesses’ use of “sensitive personal information”—such as precise geolocation; race; ethnicity; religion; genetic data; union membership; private communications; and certain sexual orientation, health, and biometric information.
  • Changes criteria for which businesses must comply with these laws.
  • Prohibits businesses’ retention of personal information for longer than reasonably necessary.
  • Triples maximum penalties for violations concerning consumers under age 16.
  • Establishes California Privacy Protection Agency to enforce and implement consumer privacy laws, and impose administrative fines.
  • Requires adoption of substantive regulations.”

    The Legislative Analyst and Director of Finance assessment indicates:
  • “Increased annual state costs of roughly $10 million for a new state agency to monitor compliance and enforcement of consumer privacy laws.
  • Increased state costs, potentially reaching the low millions of dollars annually, from increased workload to DOJ and the state courts, some or all of which would be offset by penalty revenues.
  • Unknown impact on state and local tax revenues due to economic effects resulting from new requirements on businesses to protect consumer information. (19-0021A1.)”

(bullets added for readability)

My recent overview of the CCPA — before any changes from a successful ballot measure — can be found here.

Implications on Workplace Safety Litigation in the Wake of Dismissed Claims Against Smithfield Foods

I recently wrote an article on the dismissal of a COVID-19 lawsuit that could have far reaching effects on future workplace safety cases. A U.S. district court judge in Missouri ruled that federal agencies — not courts — are in the best position to determine if companies are complying with COVID-19 worker safety standards.

A U.S. district judge in Missouri recently dismissed a worker’s protection lawsuit filed by the Rural Community Workers Alliance. The suit alleged that Smithfield Foods, Inc, the world’s largest pork producer, failed to provide adequate workplace safety in its Milan, Missouri plant. In his opinion, Judge Greg Kays signaled that federal agencies are better suited to determine whether Smithfield’s meatpacking facility complies with relevant federal standards on health protections for workers during the COVID-19 crisis.

Read the rest here.

Marketers Shift Away from Campaign-based Thinking

“What has been interesting for us has been to see the gradual change amongst marketers who are only now starting to recognize the need to shift away from campaign-based thinking to a more comprehensive mindset for content and customer engagement,” says Jamie Posnanski of Accenture. Read more on 2018 content marketing trends here .  Chimp Tools
Is your marketing strategy evolving towards content and customer engagement?

What’s all this talk about digital transformation?

Digital transformation: Some organizations see it as a scary idea, wreaking revolutionary, unsettling changes. Others are curious — just what does this buzzword mean and what are we transforming into? Regardless of your viewpoint, your enterprise seriously needs to understand and chart its course to becoming a digital ninja. Like it or not, your success depends on how quickly your organization captures, absorbs and uses digital information. Read moretwitter_digitaltransformation.png

 

North Korean WannaCry Ignites Government-Industry Collective Defense

 

North-korea-wannacry-hacking-attack-805227

In a Monday Wall Street Journal op-ed Thomas P. Bossert, Trump’s homeland security adviser, declared “[t]he [WannaCry] attack was widespread and cost billions, and North Korea is directly responsible.” The findings are based on evidence says Bossert, and he is backed up by UK and Microsoft.

A Washington Post Bossert quote ratchets up the call for closer government-industry cyberdefenses. “[S]ome say that defending cyberspace is impossible and that hackers are inevitable. I disagree. . . . Government and industry must work together, now more than ever, if we are serious.”

Today, US and UK officials suggested it was highly likely the Lazarus Group was backed by the North Korean government. Facebook deleted accounts associated with Lazarus last week “to make it harder for them to conduct their activities,” reports The Guardian,  Facebook announced it acted with Microsoft “and other members of the security community” to disrupt the group’s activities.

A few hours ago Axious reports that the Department of Homeland Security (DHS) plans on intervening in U.S. company cybersecurity issues when necessary.

“The Department of Homeland Security is now calling on all companies to commit to U.S. collective defense, per Jeanette Manfra, assistant secretary for the Office of Cybersecurity and Communications at DHS. But Bossert wouldn’t go so far as to say that an attack on a U.S. company constitutes an attack on the country.

DHS plans to move beyond offering voluntary assistance on cybersecurity issues and instead plans on intervening directly when necessary, per Manfra.”

Watch for much closer public-private actions to combat state-actor cyberattacks. 

Breaking News – Supreme Court to Rule on Microsoft EU Emails

A significant battle between Microsoft and law enforcement has made its way to the US Supreme Court. The DC Court of Appeals struck down lower courts’ decisions that Microsoft must give US law enforcement client emails  stored in Ireland in a drug trafficking case. The  upcoming Supreme Court ruling on this case will have far-reaching impact in our digital economy where data crisscrosses the global internet, coming to rest on a server in a particular country.

global internet

How far do US laws extend to data stored in foreign countries?

If Microsoft is forced to hand over the emails from their Ireland data center, how will EU data protection authorities react?  Especially, given that the General Data Protection Regulations, an overhaul of EU data privacy laws, massive financial penalties for non-compliance take effect in May 2018.

If Microsoft does not have to hand over the emails, will criminals hide their communications and data overseas so US law enforcement cannot access it?

Be sure to follow this case and watch for the Supreme Court ruling.

Data Protection is Everybody’s Job

Data protection is everybody’s job today. With the perfect storm of  a doubling of data every two years, juicy dark web profits for stolen personal info and crushing data breach business impacts, organizations simply have to build data protection values into the company’s culture.  Read this blog for practical tips on how to do this in your organization.

 

Groundbreaking Cybersecurity Regulation Kicks in Today for New York Financial Institutions

It’s the first of it’s kind, but  surely not the last. The groundbreaking New York Department of Financial Services cybersecurity regulation takes effect today, August 28, 2017.  All financial services organizations operating in New York must be in compliance, along with their law firms and accountants. This regulation is likely the forerunner of more state cybersecurity regulations, especially after the summer of WannaCry and Not Petya. Learn more about the regulation in  a blog I wrote, published by the information governance leader Iron Mountain.