Keypoint: The use of no-contact temperature taking devices can be an important part of a company’s return-to-work program, but companies should fully vet these devices to ensure that they are not unintentionally violating privacy laws or exposing themselves to potential liabilities.

As U.S. companies start planning and implementing return-to-work plans, many are considering whether to use no-contact temperature taking devices.

The federal government has recognized that taking temperatures is a step that companies can take to mitigate the risk of spreading coronavirus. For example, the CDC interim guidance for critical infrastructure workers recommends that employers “measure the employee’s temperature and assess symptoms prior to them starting work.” EEOC return-to-work guidance also recognizes that employee screening “may include continuing to take temperatures . . . of all those entering the workplace.”

States and cities also have recommended taking temperatures. For example, in Colorado, the Governor’s office has encouraged large workplaces to implement symptom and temperature checks as part of the state’s gradual return-to-work strategy. New York Mayor Bill de Blasio has stated that temperature checks will be part of the City’s return-to-work program. New Jersey Governor Phil Murphy suggested that restaurants could check temperatures before allowing customers to enter.

However, the taking of temperatures creates logistical issues such as who should take the temperatures, what precautions should be in place, and when and where the temperatures should be taken. As with many other facets of this pandemic, companies have looked to technology to answer some of these questions, and there are many solutions – some old, some new – in the marketplace.

Depending on the type of device, the use of no-contact temperature taking devices can raise numerous privacy issues. As companies begin to vet and implement these devices, they will need to ensure that they do not unintentionally violate privacy laws or assume potential liabilities.


Continue Reading U.S. Privacy Law Implications with the Use of No-Contact Temperature Taking Devices

Keypoint: If properly deployed, the use of COVID-19 contact-tracing apps by employers, in combination with other measures, could be an effective way to return employees to the workforce. However, before deploying these apps, employers should take caution to fully vet the technologies being used to ensure that employee privacy is respected.

As the United States and Europe have started the process of returning to work, the development, deployment, and use of COVID-19 contact-tracing apps has become a focal point for how governments intend to mitigate risk. ChinaSingapore, and South Korea have already implemented national contact-tracing apps. European countries and Australia have been rapidly working towards their deployment.

In connection with the rapid development of governmental contact-tracing apps, tech companies have started to develop similar apps for employers. A handful of employer-focused contact-tracing apps are already on the market and many more are in development. Some employers are already planning to deploy these apps. For example, Ferrari recently announced that it will utilize a contact-tracing app as part of its “Back on Track” plan.

The use of these apps raises numerous privacy concerns for U.S. employers. As employers begin to vet these apps, they will need to ensure that they do not unintentionally violate privacy laws or assume liabilities by deploying them with their workforce.


Continue Reading U.S. Privacy Law Implications for Employers Considering Employee Contact-Tracing Apps

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: Illinois lawmakers have proposed legislation that would create CCPA-like privacy rights for Illinois residents.

On January 8, 2020, Illinois state Senator Thomas Cullerton introduced the Illinois Data Transparency and Privacy Act (SB2330). This comes on the heels of last year’s legislative session in which two consumer privacy bills failed to pass.

Below is our analysis of the proposed legislation (as introduced).


Continue Reading Analyzing the 2020 Illinois Data Transparency and Privacy Act

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: 2020 promises to be another ground-breaking year in privacy and cybersecurity law in the United States.

2019 was an exciting year in privacy and cybersecurity law. In the United States, the California Consumer Privacy Act (CCPA) was the most significant story, but there also were developments in states such as New York and Nevada. Numerous other states also considered consumer privacy legislation, and federal lawmakers even jumped into the fray, proposing a variety of bills and regulations. Overseas, GDPR garnered the most headlines of course, but other countries, such as Brazil, also made news.

But 2019 was just the start. There is no doubt that privacy and cybersecurity law is undergoing a fundamental change in the United States. If nothing else, the legal landscape of privacy law in the United States promises to look very different by the end of the year.

Below we discuss what we anticipate will be the biggest stories in 2020 and beyond.


Continue Reading The Year to Come in U.S. Privacy & Cybersecurity Law

Key Points

  • The Illinois Biometric Information Privacy Act (BIPA) is the most stringent privacy law in the country providing claimants with a private right of action without alleging actual injury.
  • Recent decisions have held that companies outside of Illinois that collect, store or use information on employees and persons in Illinois are subject to BIPA mandates.
  • Courts have held that notice of the collection of biometric information must be obtained from all persons prior to collection of the biometric information.
  • A recent decision acknowledged that an expansive reading of the statute suggests that each scan of biometric information may constitute a single violation under the BIPA.
  • Union employees subject to a collective bargaining agreement must pursue their BIPA claims in arbitration or before an administrative board.
  • Claims of willful or intentional violation of the new law must be supported by facts.
  • BIPA contains no statute of limitations for actions brought under the law, and the issue of the applicable length of the statute of limitations remains unresolved.

As tech companies race to develop facial recognition software for new applications across industry sectors, including the automotive, cosmetic, and healthcare industries, state legislatures are developing privacy laws to protect individuals’ right to privacy and control over their biometric information. The Illinois BIPA is the most stringent biometric privacy law in the U.S for the following reasons:


Continue Reading Overview of Recent Decisions Interpreting the Illinois Biometric Information Privacy Act

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Key Point: The Illinois data breach notification statute will now require entities to notify the Illinois Attorney General if a breach affects 500 or more Illinois residents.

The Illinois General Assembly recently voted to approve an amendment to the state’s Personal Information Protection Act (“PIPA”) (815 ILCS 530/1 et seq.) with regards to companies’ and organizations’ obligations when a data breach occurs. Illinois Governor J.B. Pritzker is expected to sign the amendment into law.
Continue Reading Illinois Legislature Passes Amendment to State’s Data Breach Notification Statute