Privacy & Cybersecurity

In a much-anticipated decision, the Illinois Appellate Court for the First District has ruled that two separate statutes of limitations apply to violations of the Illinois Biometric Information Privacy Act
Continue Reading Illinois Appellate Court (First District) Concludes Separate Limitations Periods Apply to Different Violations of the Illinois Biometric Information Privacy Act

Despite being in effect since Jan. 1, 2020, the California Consumer Privacy Act (CCPA) continues to generate confusion for employers of California residents. Much attention has been given to the CCPA’s effect on a business’ obligations in collecting, using, and sharing California customers’ data. However, given the CCPA’s broad “consumer” definition includes “employees,” it also imposes duties on any in-scope business that manages California employees’ data. Notably, under the CCPA, “employees” include job applicants. The CCPA thus applies to both California customers and employees/job applicants of any “business,” which is defined as a for-profit organization doing business in California that controls how personal information is processed and: (i) has gross annual revenue exceeding $25 million; (ii) buys, receives, sells, or shares personal information of 50,000 or more California consumers, households, or devices; or (iii) derives 50% or more of its annual revenue from selling personal information of California residents. Civ. Code § 1798.140(c)(1). Importantly, for the CCPA to apply, businesses do not have to be physically in California. Thus, for example, a business that does not have any facilities in California, but employs remote workers in California, could be subject to the CCPA if it meets the CCPA’s “business” definition.
Continue Reading Employers: Stop, Drop, and Ensure CCPA Compliance as to Employees Residing in California