December 1, 2022
The Act to modernize legislative provisions as regards the protection of personal information, SQ 2021, c. 25, amending the Act respecting the protection of personal information in the private sector, CQLR c P-39.1 [Act], among others, was proclaimed in force on September 22, 2021. Several provisions came into force on September 22, 2022. The bulk of the amendments, however, will come into force only on September 22, 2023.
As employers will face new obligations at that date, it is important to bear in mind both existing and upcoming rules.
September 8, 2022
The Cyberspace Administration of China (hereinafter referred to as “CAC”) promulgated Guidelines for the Application for Data Export Security Assessment (First Edition) (hereinafter referred to as “Guidelines (First Edition)”) on 31 August 2022. The Guidelines (First Edition) set forth the applicable circumstances, methods and process of data export security assessment (hereinafter referred to as “Security Assessment”) mentioned in the Measures for the Data Export Security Assessment (hereinafter referred to as “Assessment Measures”). In this article, the authors summarize the key points of the Guidelines (First Edition) for ease of reference.
September 2, 2022
Late on August 31, 2022, the Cyberspace Administration of China (“CAC”) promulgated the first edition of the Application Guidance for Data Export Security Assessment (the “Guidance”). Released just ahead of the Assessment Measures of Data Export Security Assessment (the “CAC Assessment Measures”) becoming effective, the Guidance sets out the manner, procedures and documentation required for a data export security assessment under the CAC Assessment Measures (the “CAC Assessment”).
October 16, 2020
Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), the agency enforcing the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, obtained two large breach-related settlements: one from a HIPAA Covered Entity and one from a HIPAA Business Associate. These enforcement actions signal that despite COVID-19 related challenges, organizations continue to face rampant data breaches and ensuing HIPAA enforcement.
July 29, 2020
While businesses and their employees continue to operate in the “new frontier” of working-from-home during the COVID-19 pandemic and the gradual reopening of the economy, a serious risk continues to present itself: the threat of cybercrime. The increased use of remote access to work systems and related applications has made businesses a prime target for those unscrupulous individuals seeking to encroach on companies’ cyber-landscape. Flaws in VPNs, firewalls, and videoconferencing, for example, have exposed many companies’ electronic infrastructures to these incursions. Similarly, the at-home workforce has increasingly been subjected to social engineering attacks often cloaked as communications purporting to provide information about pandemic-related issues.
June 24, 2020
Employers’ engagement and use of various types of vendors has expanded recently, to include vendors who assist with office re-entry screening and contact tracing as employees return to work during the COVID-19 pandemic. The service agreements that are negotiated and executed for this purpose should sufficiently address data privacy and security considerations related to employee personally identifiable information (PII). This is necessary for any service provider or vendor agreement. In the absence of a federal law governing data security and breach notification of employee PII, employers must comply with increasing state and local legal requirements to ensure the protection of employee PII which employers obtain in the normal course of employment. Many states have breach reporting laws that apply to data held by employers, such as employee social security numbers. Other states, such as New York, have laws encompassing PII breach reporting and mandating certain data protections. For example, the New York Stop Hacks and Improve Electronic Data Security Act (“Shield Act”) requires employers to implement a cybersecurity program providing protective measures for New York resident-employees’ PII.
May 7, 2020
Employees returning to the office after weeks of remote work creates data privacy and cybersecurity challenges that businesses need to confront head on. These considerations are especially critical as many states and regulators are requiring employers to collect COVID-19 related health information. Below are 10 ways to combat potential cyber risks and stay #CyberSavvy while employees are returning to work.
May 6, 2020
Many more millions of employees have been working remotely as a result of the devastating COVID-19 virus than ever before. There is likely no going back. Employers have been relying on a remote workforce by necessity in the short term and are realizing that in the long term they can operate efficiently and productively with their staff largely out of the office. The public health risks will, for the foreseeable future, be the driver of both employers’ need for a remote workforce to achieve continuity of operations and employees’ demand for a safer work location. The increased numbers of remote workers will no doubt be lasting. But with this anticipated restructuring of work must come a comprehensive evaluation of the corresponding cybersecurity risks over the long term and how best to address them. As employers look forward to the future of securing remote work in their organizations, they should review the following top ten considerations as part of their defense in depth.
April 13, 2020
As featured in #WorkforceWednesday: With all the challenges businesses are facing, it is hard to stay focused on data security. Hackers see the newly remote workforce as an opportunity, and phishing attacks are on the rise. Employers can fight back in a few ways:
- Educate employees.
- Update training materials and work-from-home policies.
- Get security patches to employee devices quickly.
- Update your data breach response plan and communicate it.
- Remind your employees to help keep data secure by password-protecting devices with strong passwords and protecting sensitive information from others near their remote working location.
April 8, 2020
In March 2020, as professionals worked from home due to COVID-19, Zoom video conferences surged in popularity while, conversely, lawyers cast weary glances at the Alexa device in their home office, wondering if it was recording confidential communications. While society struggles with its relationship with ubiquitous communication devices, here is advice on properly configuring Zoom and Alexa privacy settings.