Since its enactment a decade ago, the Illinois Biometric Information Privacy Act (BIPA) has seen a recent spike in attention from employees and consumers alike. This is due, in large part, to the technological advancements that businesses use to service consumers and keep track of employee time.

What Is The BIPA?

Intending to protect consumers,

shutterstock_384992695Wearable device data may be the next big thing in the world of evidence for employment cases since social media. Given that it has already been used in personal injury and criminal cases, it is only a matter of time before wearable device data is proffered as evidence in an employment case.

From Fitbit to the Nike FuelBand to a slew of others, the worldwide wearable market has exploded in recent years. In a world increasingly obsessed with health and fitness, wearable devices offer instantaneous and up-to-the-minute data on a number of metrics that allow the user to assess his or her own health and fitness. Wearable devices can track information like heart rate, calories, general level of physical activity, steps taken, diet, blood glucose levels and even sleep patterns. Given the nature of the information captured, it is easy to see how wearable device data may be relevant to claims of disability discrimination, workers’ compensation and even harassment.
Continue Reading

Over the past several years, technology has dramatically increased employee accountability in the workplace. For example, in an office environment, employees are expected to respond to emails immediately because they are either sitting in front of their computers or carrying a mobile device on which they can access their email. As for employees who work outside the office, the availability of employer-issued phones and, alternatively, the proliferation of “bring your own device” policies, has resulted in off-site employees being generally just a phone call away. In specific industries in which employees drive motor vehicles while conducting business for the employer, yet another method of accountability exists: GPS.
Continue Reading

Today the European Court of Justice (“ECJ”) issued its Judgment in the Schrems case, and in doing so, added another tremor to the ongoing seismic shift related to cross-border privacy law. The two major elements of today’s Judgment are: 1) that Commission Decision 2000/520/EC  of 26 July 2000 of the adequacy of the protection provided by the US Safe Harbor Framework (the “Safe Harbor Decision”) is invalid, and 2) even if the Safe Harbor Decision were otherwise valid, no decision of the Commission can reduce the authority of a national data protection authority to enforce data protection rights as granted by Article 28 of Directive 95/46/EC (the “DP Directive”).

Clearly, the first element brings a more immediate concern for all the companies participating in the Safe Harbor framework. However, the second element will have much longer term consequences for the stability of US-EU commerce and privacy law.
Continue Reading

In any case involving a data breach of customer or employee information, the first line of defense for the defendant is to assert that the plaintiff(s) lack standing to bring suit. In Remijas v. Neiman Marcus Group, the Seventh Circuit became the first United States Court of Appeals to tackle the issue of standing in the context of data breach litigation since the Supreme Court’s pronouncement on standing in Clapper.
Continue Reading