Cybersecurity/Data Privacy

Overview of the New Provisions of the Act Respecting the Protection of Personal Information in the Private Sector — What are the Implications for Employers?

The Act to modernize legislative provisions as regards the protection of personal information, SQ 2021, c. 25, amending the Act respecting the protection of personal information in the private sector, CQLR c P-39.1 [Act], among others, was proclaimed in force on September 22, 2021. Several provisions came into force on September 22, 2022. The bulk of the amendments, however, will come into force only on September 22, 2023.

As employers will face new obligations at that date, it is important to bear in mind both existing and upcoming rules.

Llinks Bulletin: An Illustration of Data Export Security Assessment

The Cyberspace Administration of China (hereinafter referred to as “CAC”) promulgated Guidelines for the Application for Data Export Security Assessment (First Edition) (hereinafter referred to as “Guidelines (First Edition)”) on 31 August 2022. The Guidelines (First Edition) set forth the applicable circumstances, methods and process of data export security assessment (hereinafter referred to as “Security Assessment”) mentioned in the Measures for the Data Export Security Assessment (hereinafter referred to as “Assessment Measures”). In this article, the authors summarize the key points of the Guidelines (First Edition) for ease of reference.

Llinks Bulletin: China Issued Application Guidance for Data Export Security Assessment: Impact on Multinational Business

Late on August 31, 2022, the Cyberspace Administration of China (“CAC”) promulgated the first edition of the Application Guidance for Data Export Security Assessment (the “Guidance”). Released just ahead of the Assessment Measures of Data Export Security Assessment (the “CAC Assessment Measures”) becoming effective, the Guidance sets out the manner, procedures and documentation required for a data export security assessment under the CAC Assessment Measures (the “CAC Assessment”).

Data Breaches and HIPAA Enforcement Remain Endemic Amidst the COVID-19 Pandemic

Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), the agency enforcing the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, obtained two large breach-related settlements: one from a HIPAA Covered Entity and one from a HIPAA Business Associate.  These enforcement actions signal that despite COVID-19 related challenges, organizations continue to face rampant data breaches and ensuing HIPAA enforcement.

Cyber Coverage in the Age of COVID-19 Need Not Result in Pandemonium

While businesses and their employees continue to operate in the “new frontier” of working-from-home during the COVID-19 pandemic and the gradual reopening of the economy, a serious risk continues to present itself: the threat of cybercrime. The increased use of remote access to work systems and related applications has made businesses a prime target for those unscrupulous individuals seeking to encroach on companies’ cyber-landscape. Flaws in VPNs, firewalls, and videoconferencing, for example, have exposed many companies’ electronic infrastructures to these incursions. Similarly, the at-home workforce has increasingly been subjected to social engineering attacks often cloaked as communications purporting to provide information about pandemic-related issues.

Addressing Data Privacy and Security Provisions in COVID-19 Related Service Provider Agreements and Beyond

Employers’ engagement and use of various types of vendors has expanded recently, to include vendors who assist with office re-entry screening and contact tracing as employees return to work during the COVID-19 pandemic.  The service agreements that are negotiated and executed for this purpose should sufficiently address data privacy and security considerations related to employee personally identifiable information (PII). This is necessary for any service provider or vendor agreement.   In the absence of a federal law governing data security and breach notification of employee PII, employers must comply with increasing state and local legal requirements to ensure the protection of employee PII which employers obtain in the normal course of employment.  Many states have breach reporting laws that apply to data held by employers, such as employee social security numbers.  Other states, such as New York, have laws encompassing PII breach reporting and mandating certain data protections.  For example, the New York Stop Hacks and Improve Electronic Data Security Act (“Shield Act”) requires employers to implement a cybersecurity program providing protective measures for New York resident-employees’ PII.

10 ways to stay CyberSavvy while employees return to work

Employees returning to the office after weeks of remote work creates data privacy and cybersecurity challenges that businesses need to confront head on. These considerations are especially critical as many states and regulators are requiring employers to collect COVID-19 related health information. Below are 10 ways to combat potential cyber risks and stay #CyberSavvy while employees are returning to work.

Cybersecurity in the Age of the COVID-19 Remote Worker and Beyond

Millions more employees than ever before have been working remotely as a result of the devastating COVID-19 virus. There is likely no going back. Employers have been relying on a remote workforce by necessity in the short term and are realizing that in the long term they can operate efficiently and productively with their staff largely out of the office. The public health risks will, for the foreseeable future, drive both employers’ need for a remote workforce to achieve continuity of operations and employees’ demand for a safer work location. The increased numbers of remote workers will no doubt be lasting. But with this anticipated restructuring of work must come a comprehensive evaluation of the corresponding cybersecurity risks over the long term and how best to address them. As employers look forward to the future of securing remote work in their organizations, they should review the following top ten considerations as part of their defense in depth.

Video: Cybersecurity During the COVID-19 Pandemic – Employment Law This Week®

As featured in #WorkforceWednesday: With all the challenges businesses are facing, it is hard to stay focused on data security. Hackers see the newly remote workforce as an opportunity, and phishing attacks are on the rise. Employers can fight back in a few ways:

  • Educate employees.
  • Update training materials and work-from-home policies.
  • Get security patches to employee devices quickly.
  • Update your data breach response plan and communicate it.
  • Remind your employees to help keep data secure by password-protecting devices with strong passwords and protecting sensitive information from others near their remote working location.

Monitor your privacy settings for Zoom Video and Alexa

In March 2020, as professionals worked from home due to COVID-19, Zoom video conferences surged in popularity while, conversely, lawyers cast wary glances at the Alexa device in their home office, wondering if it was recording confidential communications. While society struggles with its relationship with ubiquitous communication devices, here is advice on properly configuring Zoom and Alexa privacy settings.
