January 29, 2019 — The hard work and experience of RSS’s litigators continue to yield positive results.
Recently, the U.S. Department of Health & Human Services (“HHS”) issued guidance for healthcare cybersecurity best practices. As required under the Cybersecurity Act (CSA) of 2015, this four-part guidance was generated by a Task Group charged with the following:
As we previously reported, since 2017 employees have filed dozens of employment class actions claiming violations of Illinois’ 2008 Biometric Information Privacy Act (“BIPA”). In short, BIPA protects the privacy rights of employees, customers, and others in Illinois against the improper collection, usage, storage, transmission, and destruction of biometric information, including biometric identifiers, such as retina or iris scans, fingerprints, voiceprints, and scans of face or hand geometry. Before collecting such biometric information, BIPA requires an entity to: (1) provide written notice to each individual of the collection; (2) obtain a signed release from each individual for the collection of biometric data; and (3) make available a policy that contains a retention schedule and guidelines for the permanent destruction of the biometric data.
Micky Grindstaff, Managing Partner of Shutts & Bowen LLP, announced that 12 attorneys in the firm have been elevated to partnership effective January 26, 2019.
NLRB Replaces Its Test for Distinguishing Between Employees and Independent Contractors – Returns to Pre-2014 Common Law Based Test
In a three to one decision issued on January 25, 2019, the National Labor Relations Board (“NLRB” or the “Board”) in SuperShuttle DFW, Inc., 367 NLRB No.75 (2019), the Board announced it was rejecting the test adopted in 2014 in FedEx Home Delivery, 361 NLRB 610 (2014) for determining whether a worker was an employee or an independent contractor and returning to the test it used prior to the FedEx Home decision.
Last week, the National Labor Relations Board (the “Board”) issued a decision that “begins the process of restoring” a decades-old definition of “concerted activity” under Section 7 of the National Labor Relations Act (“NLRA” or the “Act”) – a definition that, in the Board’s view, had become muddled and unduly expanded as recent decisions “blurred the distinction between protected group action and unprotected individual action.”
Ms. Crowley represents clients in matters involving employment, contracts, indemnification, product liability, and corporate disputes, including shareholder and partnership issues, breach of fiduciary duty, and misappropriation of trade secrets.
When the European Union’s (EU’s) General Data Protection Regulation (GDPR, discussed in a December 2017 client alert) took effect May 25, 2018, the French data protection regulator, Commission nationale de l’informatique et des libertés (CNIL), which translates to National Information Rights Commission, began investigating Google’s data privacy practices. Now, the CNIL has imposed on Google a €50 million fine (about $57 million), the largest to date under the GDPR, for lack of transparency, inadequate information, and lack of valid consent regarding its personalized ads. Below is a summary of the enforcement action and what it means going forward.
The national law firm of Epstein Becker Green (EBG) is pleased to announce that four attorneys based in the firm’s Chicago office have been selected for the 2019 Illinois Super Lawyers list.
On October 18, 2018, the FDA published Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. This guidance outlined recommendations for cybersecurity device design and labeling as well as important documents that should be included in premarket approval submissions. This guidance comes at a critical time as the healthcare industry is a prime target for hackers. On January 22, 2019, the U.S. Department of Homeland Security Industrial Control System Cyber Emergency Team (US-CERT) issued another advisory regarding medical device vulnerabilities. Further, a report by KLAS Research in collaboration with the College of Healthcare Information Management Executives (CHIME) found that 18 percent of healthcare organizations reported that their medical devices were hit by malware or ransomware. Many experts are also projecting that more cyber-attackers will target devices in 2019.