Wednesday, February 22, 2017
Washington, D.C.

Agenda
9:00 – 9:30 a.m. — Breakfast & Registration
9:30 – 11:00 a.m. — Program

Seyfarth Shaw LLP
975 F Street, N.W.
Washington, D.C. 20004
(202) 463-2400

Finding the delicate balance between an employee’s right to privacy and the employer’s need to run its business can be challenging. There are many legitimate reasons that an employer may have for intruding on otherwise “private” matters of employees, such as conducting workplace investigations, responding to agency inquiries or subpoenas, or fulfilling its obligations during discovery in a lawsuit. With the rapid surge in the use of technology and social media in the workplace, the stakes in the workplace privacy arena are becoming even higher for employers.

Please join us on Wednesday, February 22, for a discussion of what every employer needs to know regarding recent legal developments on select issues in workplace privacy, including:

  • Monitoring employee company and personal web-based electronic mail.
  • The NLRB’s developing case law on disciplining employees based on social media postings.
  • Privacy issues presented by Bring Your Own Device policies.
  • The use of social media in hiring and legal limits on accessing employee social media information.

Cost: There is no cost to attend but registration is required and seating is limited.

register

 

 

If you have any questions, please contact events@seyfarth.com and reference this event.

shutterstock_172034426Cross-posted from Carpe Datum Law.

Beginning on April 12, 2017, U.S. organizations that are subject to the investigatory and enforcement powers of the FTC or the Department of Transportation will be able to self-certify to the newly adopted Swiss–U.S. Privacy Shield Framework (“Swiss Privacy Shield”). The Swiss Privacy Shield will allow transfers of Swiss personal data to the United States in compliance with Swiss data protection requirements. The Swiss Privacy Shield will replace the U.S.–Swiss Safe Harbor Framework and will impose similar data protection requirements established last summer for cross-border transfers of personal data from the EU under the EU–U.S. Privacy Shield (“Privacy Shield”).

With the adoption of the Swiss Privacy Shield, transfers of personal data from Switzerland under the Swiss Safe Harbor Framework will no longer be permitted. Organizations currently registered with the Swiss Safe Harbor would need to certify under the Swiss Privacy Shield or implement alternative methods for complying with Swiss data transfer restrictions, such as Standard Contractual Clauses and Binding Corporate Rules. To join the Swiss Safe Harbor, organizations would need to ensure that their privacy policies, notices, statements, and procedures are in compliance with the new framework. The Department of Commerce provides sample language that can be used in an organization’s privacy policy to signify its participation in the Swiss Privacy Shield.

Organizations with active Privacy Shield certifications will be able to add the Swiss Privacy Shield registration to their existing Privacy Shield accounts, at a separate annual fee. Similarly to the Privacy Shield, the fee for participation in the Swiss Privacy Shield will be tiered based on the organization’s annual revenue. The exact fee structure will be made available sometime before April 12.

Notably, organizations with dual registrations, would need to recertify under both the Privacy Shield and the Swiss Privacy Shield one year from the date the first of their two certifications was finalized. That means, for instance, that an organization that registered for the Privacy Shield on September 1, 2016, which then registers for the Swiss Privacy Shield on May 1, 2017, would need to complete its annual recertification under both frameworks by September 1, 2017.

While the requirements of the two frameworks are nearly identical, there are a few differences: Continue Reading The Swiss Privacy Shield Opens for Business on April 12

Cross-Posted from Carpe Datum Law.

shutterstock_318496325The EU Article 29 Data Protection Working Party (WP 29) is continuing its work in preparation for the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), which will take effect in May 2018. Last month, the WP29 released three sets of guidelines for controllers and processors of personal data, including guidelines on the right to data portability, on data protection officers, and on the lead supervisory authority. Key takeaways from these three guidelines can be found on our eDiscovery blog.

This month, WP29 announced that it adopted its “2017 GDPR Action Plan.” The Plan identifies two areas of focus: (1) follow up on 2016 topics, and (2) new 2017 priorities. The follow-up work will include finalizing guidelines on certification and processing likely to result in a high risk and Data Protection Impact Assessments, administrative fines, the setting up of the European Data Protection Board (EDPB), and the preparation of the one-stop-shop” and EDPB consistency mechanism.

This year, WP29 plans to prepare and release guidelines on the topics of consent, profiling, and transparency. The WP29 will also work on the update of already existing opinions on data transfers to third countries and data breach notifications. This year, companies that rely on transfers of personal data from the EU may have the following three opportunities to engage with the WP29 and EU Data Protection Authorities (DPAs):

  • On April 5-6, 2017, the WP29 will hold a Fablab meeting, where interested stakeholders will have an opportunity to present their views and comments on the identified 2017 priorities.
  • On May 18-19, 2017, the WP29 will organize an interactive workshop where non-EU counterparts will be invited to exchange views on the GPDR and its implementation by the WP29.
  • The press release also states that relevant public consultations “may be” launched at a national level by local DPAs.

The WP29 plans to review its 2017 plan periodically and prepare a new plan for 2018 to finish the preparation work. We will be commenting on the forthcoming GDPR guidelines as they are released by the WP29.

shutterstock_519689296Seyfarth Shaw is pleased to announce the launch of Carpe Datum Law, a one-stop resource for legal professionals seeking to stay abreast of fast-paced developments in eDiscovery and information governance, including data privacy, data security, and records and information management. Seyfarth’s eDiscovery and Information Governance (eDIG) practice group created Carpe Datum Law to serve as a timely and unique resource for executives and corporate in-house counsel to obtain reports on developments, trends and game-changing decisions in these data-driven areas of the law.

Click here to access the new Carpe Datum Law blogsite.

The Carpe Datum Law blog takes a comprehensive view of the legal and practical aspects of corporate data challenges, reflecting the broad strength across the spectrum of data law by Seyfarth’s veteran 14-lawyer eDIG practice group, which has served clients since 2004. Regular readers will benefit from its comprehensive perspective and guidance on how the law is adapting to the interrelated challenges of keeping corporate data secure and in compliance with data privacy laws, adapting to new best practices in information governance, and maintaining defensible data preservation, collection and review when eDiscovery is required.

Carpe Datum Law is a must-read for anyone expected to stay ahead of the curve on how best to manage the growing risks in these areas, in particular:

  • C-Level Executives whose portfolios of responsibility include managing risks with respect to their corporate data
  • In-House Counsel responsible for eDiscovery, data and cybersecurity, data privacy compliance and/or the enterprise’s information governance
  • eDiscovery, IT, IT Security and Privacy Managers who work closely on these issues with their organization’s executives and legal teams
  • Consultants, Academics and Thought Leaders who must stay up-to-speed on legal developments in order to serve their organizational clients

Whether steering policy or implementing it, Carpe Datum Law provides well-informed news and analysis that will keep you and your team up-to-speed. From judicial decisions implementing the new eDiscovery amendments to the Federal Rules of Civil Procedure to guidance on compliance with the upcoming European Union General Data Protection Regulation, Carpe Datum Law provides the news and seasoned analysis you would expect from Seyfarth’s eDIG group.

Carpe Datum Law can be accessed at www.carpedatumlaw.com.

shutterstock_196544378Cross Posted from Carpe Datum Law.

China has finalized a broad new Cyber Security Law, its first comprehensive data privacy and security regulation.  It addresses specific privacy rights previously adopted in the European Union and elsewhere such as access, data retention, breach notification, mobile privacy, online fraud and protection of minors.

There is plenty in the new law to irritate international businesses operating in China.  It requires in general that Chinese citizens’ data be stored only in China, for starters, possibly requiring global corporations to maintain separate IT systems for Chinese data.  Most of the privacy enhancements benefiting citizens align with those required in the European Union, but it is unclear how the Chinese will expect compliance, particularly since, as with many Chinese laws, its language is vague as to its scope, application and details.  This vagueness leaves interpretation to the State Council, the chief administrative authority in China, headed by Premier Li Keqiang.

The law expands Chinese authorities’ power to investigate even within a corporation’s Chinese data systems, and provides for draconian penalties for non-compliance by business entities or responsible individuals  include warnings, rectification orders, fines, confiscation of illegal gains, suspension of business operations or the revocation of the entity’s business license. Continue Reading China Finalizes New Cyber Security Law

CaptureDo you and your firm have adequate cybersecurity to prevent yourself (and your confidential client data) from getting hacked?

On Wednesday, December 7, at 11:00 a.m. Pacific, Richard Lutkus, a partner in Seyfarth Shaw’s eDiscovery and Information Governance Practice; and Joseph Martinez, Chief Technology Officer and Vice President of Forensics, eDiscovery & Information Security at Innovative Discovery, will present “A Big Target: Cybersecurity for Attorneys and Law Firms.”

This webinar will cover any considerations that attorneys should take into account when in possession of any client data from an information security perspective. Coverage will include both technical considerations, best practices and policies, as well as practical advice to steer clear of ethical violations.

This program will specifically address the following topics:

  • Information storage, retention, and remediation
  • Device management
  • Phishing and social engineering
  • Security considerations
  • Cloud storage and ethical considerations

Please join us for this informative webinar.

register

itechlaw_logoSeyfarth Shaw LLP is pleased to be a Global Sponsor at ITechLaw’s 2016 European Conference in Madrid on November 9-11.

ITechLaw is a not-for-profit organization established to inform and educate lawyers about the unique legal issues arising from the evolution, production, marketing, acquisition and use of information and communications technology.

The conference will feature a wide-ranging program and invaluable networking opportunities that will focus on cutting-edge legal topics, including e-commerce, e-contracting, disruptive technologies, data protection developments, and the impact of cognitive technologies in the legal spheres. Attendees at the European Conference include leading attorneys in private practice, in-house counsel, business executives focusing on the global economy, government officials and academics.

This year, Seyfarth Shaw Partner Robert B. Milligan serves on ITechLaw’s Board of Directors. He will also serve as the moderator of the Disruptive Technologies session, which will cover:

  • a practical approach to the Internet of Things (IoT)
  • consumer protection in the age of IoT
  • the impact of robotics, artificial intelligence & disruptive technologies in law

In addition, Seyfarth Shaw is pleased to co-sponsor the conference. Please stop by our table during the conference to learn about our Intellectual Property, Global Privacy & Security and Trade Secrets, Computer Fraud & Non-Competes Practice Groups.

For more information, click here.

shutterstock_189182636 (1)As the companies doing business in Europe are trying to get their arms around the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), but so far not making substantial headway, the European Data Protection Authorities (DPAs) are doing their own GDPR preparation by securing increased budgets and additional workforce.

Last week, the Irish Data Protection Commissioner (DPC), Helen Dixon, has “welcomed” the additional funding of €2.8 million for her office’s 2017 budget, as announced by the Government, bringing the total funding allocation to the DPC to over €7.5 million. The 2017 budget increases are in line with the increases in 2015 and 2016, representing a 59% increase on the 2016 allocation and over four times the €1.9 million provided to the DPC in 2014.

Commenting on the 2017 funding allocation, Helen Dixon stated:

“The additional funding being provided by Government in 2017 will be critical to our preparations for the implementation of the EU General Data Protection Regulation in May 2018. In 2017 we will continue to invest heavily in building our capacity and expertise, including the recruitment of specialist staff, to administer our new enforcement powers and all of our additional responsibilities under the new law.

Continue Reading Irish Data Protection Commissioner Welcomes Increases in Budget in Preparation for the GDPR Enforcement

CaptureOn Wednesday, November 2, at 1:00 p.m. Central, Seyfarth attorneys Karla Grossenbacher, Ari Hersher, Stacey Blecher, Meredith-Anne Berger, Elizabeth Levy and Selyn Hon will present “Navigating Employee Privacy Issues in the Workplace.”

The rise of technology in the workplace has resulted in a myriad of complex privacy issues. Employee privacy concerns are impacting employer decision-making more than ever. Is your company equipped to navigate these issues? In this cutting-edge webinar we will discuss:

  • The legal issues presented by an employer’s review of employee texts, emails and social media postings during workplace investigations;
  • The latest decisions from the NLRB regarding an employer’s ability to take action against employees based on social media postings;
  • Privacy considerations presented by the implementation of a BYOD policy; and
  • Private data security risks that arise from the use of cloud-based storage in the workplace

Please join us for this informative webinar so you will be prepared to confront the ever-increasing amount of privacy issues facing employers.

register

shutterstock_384992695Wearable device data may be the next big thing in the world of evidence for employment cases since social media. Given that it has already been used in personal injury and criminal cases, it is only a matter of time before wearable device data is proffered as evidence in an employment case.

From Fitbit to the Nike FuelBand to a slew of others, the worldwide wearable market has exploded in recent years. In a world increasingly obsessed with health and fitness, wearable devices offer instantaneous and up-to-the-minute data on a number of metrics that allow the user to assess his or her own health and fitness. Wearable devices can track information like heart rate, calories, general level of physical activity, steps taken, diet, blood glucose levels and even sleep patterns. Given the nature of the information captured, it is easy to see how wearable device data may be relevant to claims of disability discrimination, workers’ compensation and even harassment. Continue Reading Wearable Device Data: The Next Big Thing for Employment Litigation Cases