Artificial Intelligence (AI) tools are becoming commonplace in workplace. According to Equal Employment Opportunity Commission (EEOC) Chair Charlotte Burrows, “as many as 83 percent of employers and up to 99 percent of Fortune 500 companies now use some form of automated tool to screen or rank candidates for hire.” Just as the use of AI in the workplace has developed rapidly, so too have the laws and regulations impacting workplace AI – particularly where there are concerns that irresponsible use could create a risk (or inaccurate impression) of unintended bias or discrimination. Some jurisdic ..read more

“More needs to be done to create a safe online space for children to learn, explore, and play.” This was the unanimous finding of the California legislature in 2022, and, since that time, other stakeholders have agreed. Voters, parents, the President, and legislators have all suggested that something will, and needs to, change to make sure that children can use the internet safely and privately.  But exactly how federal or state laws will evolve to protect children’s privacy remains an unsettled and evolving landscape. As with many areas of privacy regulation, California is likely a ..read more

Data breaches are on the rise.  So are the lawsuits that follow.  This has led to an environment where cyber-forensics service providers are more important than ever.  Clients seeking these services, however, often do so after becoming the unwilling victims of a data breach.  And those circumstances create uncertainty for protecting — either as attorney-client privileged or work product — the findings and conclusions from a cyber-forensics provider. HIRE AND RETAIN A CYBER-FORENSICS EXPERT THROUGH LEGAL COUNSEL Because the attorney-client privilege protects (and requires) c ..read more

2023 has seen a flurry of general state privacy laws, with twelve (12) such laws now on the books.  The next one to “go live,” on December 31, 2023, is the Utah Consumer Privacy Act (UCPA).  With no general federal privacy law in sight, the state privacy landscape continues to get more crowded and challenging to navigate, and further highlights the need to create and implement a comprehensive data privacy compliance strategy. On March 24, 2022, Utah’s Governor Spencer J. Cox signed Senate Bill (SB) 227, enacting the UCPA. The UCPA gives consumers rights to access, obtain a copy, and ..read more

As consumer demand for new artificial intelligence (“AI”) tools continues to grow, businesses must be prepared to build tools with “privacy by design” principles in mind, and to remain educated about privacy best practices and risk mitigation strategies when working with AI. The following areas provide the greatest opportunities to manage data privacy risks and effectively leverage the potential benefits of working with AI: 1. Consent is Key: Unlike past generations of AI, most of which embraced a rules-based model, the present and the future of deep learning tools and other AI systems are bui ..read more

On June 25, 2023, both houses of the Oregon State Legislature approved Senate Bill (SB) 619, “relating to protections for the personal data of consumers.”   SB 619 is now on the desk of Oregon Governor Tina Kotek for signature.  Upon signing, Oregon will become the eleventh state to enact general, or omnibus, privacy legislation, following California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, and Texas.  Omnibus federal privacy legislation (e.g., HB 2701) remains a (remote) possibility. There are fifty (50) state breach notifications laws, an ..read more

Earlier this month, the Oregon state legislature introduced Senate Bill (SB) 619, “relating to protections for the personal data of consumers.”  The bill has since been referred to the Senate Committee on Judiciary and the Joint Committee on Ways and Means.  Of course, Oregon would not be the first state to enact general, or omnibus, privacy legislation; to date, five states (California, Virginia, Colorado, Connecticut, and Utah) have done so, with the first two operative as of today.  Likewise, Oregon is not the only state to introduce new omnibus privacy legislation this month ..read more

To say that class action litigation regarding the use or collection of “biometric information” – such as fingerprints, face records, or voice records – is expensive would be a gross understatement.  The damages sought, and sometimes recovered, in litigation under the Illinois Biometric Information Privacy Act and similar laws that impose statutory penalties can be truly shocking.  And, if a recent complaint under a Portland, Oregon city ordinance and a jury verdict in Illinois are indicative, there is no immediate sign that this trend will reverse. First Ever Lawsuit Under Portland F ..read more

In Illinois, the Biometric Information Privacy Act (“BIPA”) regulates the collection and use of “biometric information” such as fingerprints, facial images, and voice records.  It imposes significant penalties and has generated a cottage industry of class action litigation—hundreds of cases have been filed and millions of dollars in liability have been assessed.  It is also the most well known and heavily litigated of a slew of newly enacted, or soon to be passed, state and local laws aimed to regulate biometric information. Many Illinois defendants had hoped that their liability und ..read more

In a widely anticipated ruling, the U.S. Supreme Court today ruled that just because a business has calling technology that has the capacity to store and dial multiple numbers – such as a cell phone — does not automatically subject that business to Telephone Consumer Protection Act (“TCPA”) liability for calls (and texts) to consumers that otherwise lack consent. Beyond other aspects of what constitutes a robo-call, this ruling is likely to limit the number of class actions brought against businesses under TCPA.  Still, for businesses required to comply with consumer protection laws, obta ..read more