Spencer Fane LLP Logo

Thomas W. Hayde, CIPP/US

Partner

Spencer Fane attorney Thomas W. Hayde square

T 314.333.3921
F 314.862.4656
thayde@spencerfane.com

Illinois: Land of 12 Million Biometric Privacy Regulators

The Supreme Court of Illinois recently held that every Illinois citizen has a private right of action to enforce violations of the Illinois Biometric Information Privacy Act (“BIPA”) without alleging or showing actual harm. Businesses collecting, using and storing the biometric data of Illinois consumers take notice:  there are over 12 million regulators with the power to enforce this law against you. But don’t worry too much, the state’s high court promises that “Compliance should not be difficult.”

Pennsylvania Employers Have a Duty to Safeguard Employees’ Data, Says High Court

Late last year, the Supreme Court of Pennsylvania ruled that employers have a legal duty to safeguard employee’s sensitive personal information stored on an internet-accessible computer system and that the state’s economic loss doctrine allowed the plaintiffs in Dittman to recover for purely monetary damages. 

EDPB Guidance on GDPR’s Jurisdictional Scope

For many U.S. organizations, figuring out whether – and to what extent – Europe’s General Data Protection Regulation (“GDPR”) applies to your operations has caused a lot of headaches. Do you have an “establishment in the [European] Union”? Are you “offering…goods and services…to…data subjects in the Union”? Are you “monitoring” the behavior of data subjects in the Union? How will these terms be interpreted and enforced?

The Data Breach Tide is Shifting Toward Proactive Security Obligations

When an organization faces a security incident, it is thrown into a complicated analysis of forty-seven state breach notification laws.  With the laws based on the residence of the affected consumer, consideration must be given to the variances in the definition of a breach that triggers notification; the content, timing, and manner of notification; additional regulatory, credit agency, or media communications; and potential litigation or enforcement.  Thus, the states in which an organization provides goods or services and collects personal information can have a significant impact on obligations following a security incident.

Yet Another Data Sheriff In Town: CFPB Issues Its First Data Security Enforcement Action

On March 2, 2016, the CFPB finalized a Consent Order with Dwolla, an online payment platform, for violations of the CFPA.  It is the CFPB’s first enforcement action related to data privacy and security.  It is notable because Dwolla appears to have become an enforcement target due solely to its robust claims about security, and not due to any data breach.  It also places obligations on Dwolla’s Board to become responsible for data privacy and security in the company.

EU-US “Privacy Shield” Disclosed to the Public

The past week has seen two key developments in EU-US data privacy relations — the US enacted the Judicial Redress Act into law, and EU and US officials published the proposed EU-US Privacy Shield protocol for transatlantic data transfers.  While the Privacy Shield still has a gauntlet of EU bureaucracy to navigate, companies that relied on Safe Harbor should begin to plan now to comply with the robust new requirements of Privacy Shield, or implement other measures to satisfy the EU Privacy Directive to import EU data to the US.

President Obama Goes Big on Privacy and Cybersecurity

As part of a massive new initiative, Obama establishes the Federal Privacy Council and a national commission on cybersecurity

EU announces “Privacy Shield” agreement to replace Safe Harbor transatlantic data pact

  • U.S. organizations wishing to import data from EU subjects will be subject to much more “robust” privacy protocols
  • Final approval still faces hurdles

Spencer Fane Team Secures Court Order Striking St. Louis Minimum Wage Increase

On October 14, 2015, a St. Louis judge declared the city’s planned minimum wage increase invalid because it conflicts with the state minimum wage, currently set at $7.65 per hour. In August, the City of St. Louis passed an ordinance that would have eventually raised the minimum wage to $11.00 per hour by 2018. The first increase to $8.25 per hour was set to take effect on October 15, 2015.