Employers continue efforts to monitor staff in the workplace

(Apr 16, 2019) CNBC reports on the continued rise of employers monitoring their staff in the workplace and whether privacy laws offer any protection from the practices. A 2018 Gartner study found 22% of companies around the world use employee-movement data, 17% monitor work-computer use, and 16% examine Microsoft Outlook and calendar data. Amazon recently received a patent to detect warehouse workers’ location, while Walmart patented a system to listen in on their employees and customers. “Employees are in a d... Read More

DHS warns of potential enterprise VPN hacking

(Apr 15, 2019) The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has warned four enterprise virtual private network app providers of system vulnerabilities, Fortune reports. The agency and the CERT Coordination Center, a nonprofit internet emergency response team, issued an advisory to Cisco, Palo Alto Networks, Pulse Secure and F5 Networks regarding the incorrect storage of cookies by each VPN app, which hackers could use to access a person's private computer. Rather ... Read More

Personal data violation leads to ICO fine for former NHS manager

(Apr 11, 2019) The U.K. Information Commissioner's Office reports that it is fining a former National Health Service manager for sending personal information from her work email to a personal account without authorization. An email exchange between the manager’s work account and her personal email included personally identifiable information for 13 individuals who had submitted applications to the medical facility. In a statement, the ICO said the woman was "an experienced practice manager and had completed re... Read More

An overview of Polish authorities' conflicting guidance

(Apr 3, 2019) Based on a request from Poland's Small and Medium Enterprises (Rzecznik Małych i Średnich Przedsiębiorstw), the Polish Ministry of Digitalisation published clarifications regarding “the further collection of Personal Data of individuals applying for a job, after completion of the recruitment process.” In it, the document attempts to clear up uncertainties regarding the processing of recruitment documentation in cases where there are currently no ongoing recruitments or where such a recruitment p... Read More

CNIL adopts model regulation on employers' use of biometrics

(Apr 3, 2019) After a public consultation, France’s data protection authority, the CNIL, has adopted the model regulation "biometrics in the workplace." The CNIL’s model regulation states companies can install “biometric access control devices” as long as they comply with the agency’s rules. Organizations must be able to justify their use of biometric data and also follow obligations listed out in the EU General Data Protection Regulation. Employers must document any decisions they make with biometric devices... Read More

Video: Headset measures brain activity during workday

(Apr 3, 2019) In a video from Reuters, San Francisco startup EMotiv and SAP are teaming up on a headset that tracks and projects a user's brain activity to increase employee productivity. EMotiv's technology, used to diagnose sleep disorders and epilepsy, will employ a built-in algorithm to collect data on the state of mind and track the brain's ebb-and-flow between focus and distraction. With employee consent, the anonymously collected data, which is compiled in bunches to further protect user privacy, will ... Read More

Ex-NWT manager reaches settlement in data breach website case

(Mar 29, 2019) The former manager of the Northwest Territories Justice Department has reached a settlement with the territorial government over his data breach website, CBC News reports. Donn MacDougall created infobreach.ca, where he stated the government allegedly breached employees’ privacy. MacDougall published personally identifiable information on his former colleagues as he made his case against the government. As part of the settlement, MacDougall has been ordered to destroy all the records he used for... Read More

Poland's new rules on employee privacy and documentation

(Mar 28, 2019) Baker McKenzie’s Global Compliance News reports on Poland’s new rules on employee privacy and documentation that took effect Jan. 1. Noting major changes laid out by the law, it outlines the new obligations facing employers and provides a set of recommendations for employers to ensure compliance. Under the new requirements, employers are required to store employee documentation in a manner that “ensures confidentiality, integrity, completeness and availability, in conditions that do not cause da... Read More

Employee biometric lawsuits on the rise following Illinois Supreme Court ruling

(Mar 28, 2019) The Wall Street Journal reports on the increased amount of lawsuits filed by staff members against employers over the use of their biometric information. The amount of cases has ramped up after the Illinois Supreme Court ruled businesses can be liable for violations of the state’s Biometric Information Privacy Act even when plaintiffs cannot prove they suffered any harm. Since the Supreme Court’s ruling in January, Shook, Hardy & Bacon Privacy and Data Security Practice Chair Al Saikali, CIP... Read More

Study: 61 percent of IT execs believe employees maliciously leak data

(Mar 25, 2019) An Egress study found 61 percent of IT leaders believe employees maliciously put data at risk in the last 12 months, Verdict reports. The study polled 250 chief information officers, chief technology officers, information technology directors and 2,000 employees from the U.S. and U.K. Of the 250 high-level IT professionals, 79 percent felt employees had accidentally put data at risk over the same time period. The 2,000 employees did not share the same sentiments as the IT leaders, as 92 percent ... Read More