This blog post was cross-posted from Seyfarth’s Employment Law Lookout blog.

In the case of Okonowsky v. Garland23-55404.pdf (law360news.com), the Ninth Circuit considered a claim that social media posts made by a co-worker on a personal account constitute actionable workplace harassment under Title VII.  The appeals court firmly “reject[ed] the notion that only conduct that occurs inside the physical workplace can be actionable, especially in light of the ubiquity of social media and the ready use of it to harass and bully both inside and outside of the physical workplace.” 

Continue Reading Personal Does Not Mean Private: Ninth Circuit Holds Personal Social Media Posts Can Constitute Workplace Harassment

Seyfarth Synopsis: Earlier this year, we reported that the Illinois Senate passed Senate Bill 2979 with a vote of 46 to 13, and the Illinois House of Representatives passed Senate Bill 2979 with a vote 81 to 30. This bill addressed concerns arising from recent legal interpretations of the Illinois Biometric Information Privacy Act (“BIPA,” 740 ILCS 14/ et seq.), particularly following the Illinois Supreme Court’s 2023 decision in Cothron v. White Castle System Inc., in which the Court held that a claim under BIPA accrues each time that an individual’s biometric information or identifier is captured or collected.

Continue Reading BIPA LEGISLATIVE UPDATE: Governor Pritzker Signs Amendment Limiting Damages To A Single Recovery

The Personal Data Protection (Amendment) Bill 2024 (“PDPB”) was at last passed by the Malaysian Parliament at the end of July. After Royal Assent and publishing, it will become law (on a date to be determined by the Minister of Digital to be specified in the Gazette). The PDPB introduced several changes intended to better align Malaysia’s 2010 Personal Data Protection Act with global standards.

Continue Reading Malaysian Parliament Passes Personal Data Protection (Amendment) Bill 2024

This blog post was cross-posted from Seyfarth’s Consumer Class Defense site.

In a significant legislative development, the Illinois House of Representatives has overwhelmingly approved Senate Bill 2979, with a vote of 81 to 30, which amends the Illinois Biometric Information Privacy Act (BIPA) to limit damages to one violation per individual, rather than each instance their biometric information is captured, collected, disclosed, redisclosed, or otherwise disseminated. The bill also amended the definition of “written release” to include an electronic signature.

Last month, we reported on the Illinois Senate’s passage of the bill by a vote of 46 to 13. This legislative move is a direct response to the Illinois Supreme Court’s 2023 decision in Cothron v. White Castle. The Court ruled that under BIPA, a claim accrues each time an individual’s biometric information is captured or collected. This decision highlighted the urgent need for legislative clarity, as White Castle argued that it could face damages exceeding $17 billion if each of its employee’s time clock scans were found to recklessly or intentionally violate BIPA. Recognizing the potential for such devastating liability, the Court called on the Illinois legislature to act.

In its original form, BIPA stated that an individual may be entitled to $1,000 or actual damages for each negligent violation, or $5,000 or actual damages for each reckless or intentional violation. The newly passed bill amends Sections 15(b) and 15(d) of BIPA to state that an “aggrieved person is entitled to, at most, one recovery under this Section.”

Having cleared both legislative chambers, the bill is now headed to Governor Pritzker for his signature.

If you have any questions about how this BIPA amendment may impact your business practices, please do not hesitate to contact your trusted Seyfarth Shaw advisor.

On March 22, 2024, following nearly six months after the publication of the Provisions on Promoting and Regulating Cross-border Data Flows (Draft for Solicitation of Comments), the Cyberspace Administration of China (“CAC”) officially released the Provisions on Promoting and Regulating Cross-border Data Flows (“the Provisions”), which came into immediate effect. In accordance with the Provisions, CAC has also issued the “Guidelines for Data Export Security Assessment Declaration (Second Edition)” and the “Guidelines for Filing Standard Contracts for Personal Information Export (Second Edition).”

Continue Reading Practical Insights from China on the Newly Issued Provisions on Cross-Border Data Transfer

Address
Seyfarth Shaw Hong Kong Office
Suite 3701 & 3708-3710, 37F
Edinburgh Tower, The Landmark
15 Queen’s Road Central
Central, Hong Kong

Tuesday, 21 May 2024 (HKT)
8.30 – 9.00 a.m. Check-in and Breakfast
9.00 – 10.00 a.m. Roundtable
10.00 – 10.30 a.m. Refreshments
Breakfast will remain available during the roundtable

Cost
There is no cost to attend, but registration is required.

REGISTER HERE

About the Programme

In recent years, privacy and cybersecurity consistently hit the top of legal leaders’ lists of their biggest concerns. In fact, a recent Association of Corporate Counsel Chief Legal Officers Survey found that, when rating a list of items on their importance to the business, CLOs placed cybersecurity, regulation and compliance issues, and data privacy as the top three most critical issues for the business.

Continue Reading Upcoming Event! Seyfarth Privacy Salon: Roundtable on Cross-Border Data Transfers, Privacy, and Cybersecurity

Seyfarth Synopsis: This past Monday, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) issued its final rule aimed at strengthening the HIPAA Privacy rules as they are applied to reproductive health data.

On the heels of the release of the 2022 US Supreme Court decision in Dobbs v. Jackson Women’s Health Organization, the Biden Administration directed the Federal agencies to examine what they could do to protect women’s health and privacy. Shortly thereafter, HHS released guidance under HIPAA related to reproductive health care services under a health plan, focusing on information required to be disclosed by law, for law enforcement purposes, and to avert a serious threat to health or safety (see our earlier Alert here). Then, in April 2023, HHS issued proposed modifications to the HIPAA Privacy Rule aimed at these concerns. A year later, the agency finalized those rules on April 22, 2024 – the Final Rule.

Continue Reading HHS Strengthens HIPAA Rules to Protect Reproductive Health Privacy

Tuesday, May 28
1:00 p.m. to 2:00 p.m. Eastern
12:00 p.m. to 1:00 p.m. Central
11:00 a.m. to 12:00 p.m. Mountain
10:00 a.m. to 11:00 a.m. Pacific

REGISTER HERE

About the Program

In today’s ever-evolving and interconnected world, trade secret protection demands proactive measures against both technological vulnerabilities and human threats. Join us for the fourth installment of our 2024 Trade Secrets Webinar Series, where our panel of seasoned trade secrets and cybersecurity attorneys will equip you with practical strategies to bolster your defenses.

Continue Reading Upcoming Webinar! Data Protection and Cybersecurity: Safeguarding Trade Secrets in the Digital Age

The European Union (EU)’s government organizations are just like any another entity trying to function in a world where global companies and even government entities are reliant on digital platforms for messaging and collaboration. For years, there has been debate about how platforms like Microsoft 365, formerly Office 365, could be deployed in a way that complies with the GDPR processing and transfer restrictions. And it turns out that even the European Commission (EC) itself can apparently get it wrong. In a surprising turn of events earlier this month, the European Data Protection Supervisor (EDPS) concluded its nearly three year investigation into the Commission’s own deployment and use of Microsoft 365, signaling a pivotal moment in the conversation about the GDPR privacy and security requirements for cloud-based messaging and document collaboration platforms.

Continue Reading Surprising Plot Twist: The European Data Protection Supervisor Reprimands the European Union for its use of Microsoft 365

This blog is cross-posted on the Consumer Class Actions blog site as well.

Throughout much of 2023, businesses found themselves in a challenging position as they continued to grapple with defending against Illinois Biometric Information Privacy (BIPA) class action lawsuits. The year began on a somber note with the Illinois Supreme Court delivering unfavorable decisions on two pivotal threshold matters. However, rays of hope emerged when the same court issued two favorable decisions, one affirming union preemption, and another concerning medical exemptions under BIPA. These welcomed developments provided a reprieve for businesses contending with the longstanding challenges posed by the statute. As we navigate the complexities of BIPA, it becomes crucial for businesses to recognize and consider the various exemptions embedded within the legislation—many of which have proven effective in legal defenses over the past few years.

Continue Reading Privacy In Focus: BIPA’s Current Landscape and the Crucial Role of Statutory Exemptions