Privacy In Pandemic: Senators Announce Covid-19 Data Privacy Bill
May 11, 2020 —
Kyle Janecek & Jeffrey Dennis – Newmeyer Dillion"Data! Data! Data!. . . I can't make bricks without clay." This classic statement from Sherlock Holmes in The Adventure of the Copper Beeches takes on a new meaning in the COVID-19 pandemic. With the plans to begin contact tracing the spread of the COVID-19 pandemic slowly moving towards the forefront, a valid and important issue presents itself: how do we treat and protect the data we so desperately need to trace, track, and address the pandemic? U.S. Senators Wicker, Thune, Moran, and Blackburn introduced a possible solution to this problem with the COVID-19 Consumer Data Protection Act, as announced on April 30, 2020. So what does the Act entail? What information is protected? What action would businesses need to take towards individuals, such as consumers or even employees, in order to comply with this new legislation?
WHAT IS THE COVID-19 CONSUMER DATA PROTECTION ACT?
The Act is meant to address the concern regarding data collection and privacy due to large companies, like Google and Apple, adjusting the software within their devices to facilitate digital contact tracing. The Act can be broken up into three parts - the treatment of information; the privacy notice requirements; and the transparency requirements.
First, the Act prohibits the collection, processing, or transfer of certain categories of data without notice and the affirmative express consent of the individual, in order to:
- Track the spread of COVID-19,
- Trace the spread of COVID-19 through contact tracing, or
- Determine compliance with social distancing guidelines without the requisite notice to individuals and their express consent.
To accomplish this, the Act also restricts entities in their ability to collect excessive information, stating that an entity cannot collect information beyond what is reasonably necessary to conduct any of the three COVID-19 related purposes listed in the statute. The entity must also provide reasonable administrative, technical, and physical data security policies and practices to protect the information collected. Furthermore, in the event that the entity stops using the information for any of the three COVID-19 purposes, it must delete or de-identify the information it has collected.
Next, the Act describes the requirements for notice to individuals. In order to legally collect, process or transfer the information, the entity needs to provide the consumer with prior notice of the purpose, processing, and transfer of the data through their privacy policy within 14 days of the enactment of the law. This policy would have to:
- Disclose the consumer's rights in a clear and conspicuous manner prior to or at the point of collection,
- Be available in a clear and conspicuous manner to the public,
- Include whether the entity will transfer any of the information it collects in order to track or trace COVID-19 or determine compliance with social distancing,
- Describe its data retention policy, and
- Generally describe its data security measures.
Notably, many of these are already requirements common to many privacy policies, including the disclosure regarding the transfer of an individual's information.
In addition, an individual must give their affirmative express consent to such collection, processing and transfer. In other words, an individual must "opt-in" to having their information collected. This would be done through a checked box or electronic signature, as the law prohibits entities from inferring consent through a failure by the individual to take an action stopping the collection. Furthermore, the individual would also need the ability to expressly withdraw their consent, with the entity then having to cease collection, processing, or transfer of the information within 14 days of the revocation. In essence, due to the restriction on transferal, this may result in businesses opting to delete or de-identify data upon a revocation.
Finally, the entity would have to abide by certain reporting and transparency requirements, namely a monthly public report stating how many individuals had information collected, processed or transferred, and describing the categories of the data collected, processed or transferred by the entity and why. This is akin to the California Consumer Privacy Act's treatment of categories of information, though it would require this information to be released on an ongoing, monthly basis.
WHAT DATA IS COVERED?
Notably, the Act only affects a very limited scope of data. The Act covers geolocation data (exact real-time locations), proximity data (approximated location data), and Personal Health Information (any genetic/diagnosis information that can identify someone). This could cover information like Bluetooth communication or real-time tracking based on a cell phone's geolocation features. Notably, Personal Health Information does not include any information that may be covered under HIPAA or the broader categorization of "Biometric" data (i.e. retinal scans, finger prints, etc). Furthermore, and more generally, "publicly available information" is excluded, which includes information from telephone books or online directories, the news media, "video, internet, or audio content" as well as "websites available to the general public on an unrestricted basis." The latter of which potentially would push any and all information made available through social media (i.e. Facebook or Twitter) into the definition of "publicly available information."
HOW IS IT ENFORCED?
Generally, the law would be enforced by the FTC, under the provisions regarding unfair or deceptive acts or practices, similar to other enforcement actions arising out of privacy policies. Notwithstanding, state attorney generals may also bring actions to enforce compliance and obtain damages, civil penalties, restitution, or other compensation on behalf of the residents of the state.
WHAT SHOULD MY COMPANY DO?
If your entity plans on collecting information for tracking COVID-19, measuring social distancing compliance, or contact tracing, it is advisable to include language in your privacy policy now. This could be as simple as adding an additional provision within your privacy policy stating that the entity will retain information to conduct one of the three COVID-19 purposes as laid out in the statute. In addition, this also means that should the entity collect and use employee information for contact tracing, tracking the spread of COVID-19 or ensuring compliance with social distancing measures, it will need to disclose some of the specifics of that process to the employees and have them opt-in for the process. Finally, for contact tracing purposes, any individual that shares their diagnosis will have to opt-in for the entity to legally collect, process, and transfer that information to others.
While the time to reach compliance is unknown, it is more important than ever to form a compliance plan for privacy legislation if you do not already have a plan in place. If you decide to prepare with us, our firm has created a 90 day California Consumer Privacy Act compliance program (which can be expedited) where our team will collaborate with you to determine a scalable, practical, and reasonable way for you to meet your needs, and we will provide a free initial consultation. For further inquiries or questions related to COVID-19, you can consult with a Task Force attorney by emailing NDCovid19Response@ndlf.com or contacting our office directly at 949-854-7000.
Kyle Janecek is an associate in the firm's Privacy & Data Security practice, and supports the team in advising clients on cyber related matters, including policies and procedures that can protect their day-to-day operations. For more information on how Kyle can help, contact him at kyle.janecek@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
What’s the Best Way to “Use” a Construction Attorney?
January 04, 2023 —
Christopher G. Hill - Construction Law MusingsThe question in the title of this post is one I think about a lot. I have also discussed
some aspects of this topic previously here at Musings. As 2022 winds down and we head into 2023, my thoughts have landed back on how I as a construction lawyer can
help my clients and how my construction industry clients can help me to be more effective. This post will focus on the latter aspect of the representation process.
The first key aspect to helping your construction counsel more effectively assist you with any aspect of your construction business is to communicate. Attorneys are only as good as the information that we have. Always remember that while you as the contractor lived the project about which you called your attorney, that attorney is just hearing about it for the first time. Construction lawyers spend a lot of time playing catch-up and trying to get familiar with all aspects (good and bad) of your claim or issue. Do not assume that even the most knowledgeable construction attorney can anticipate how the evidence and facts will come out over the course of a representation. Attorneys apply law to facts, it is up to the client to give the attorney the initial facts.
Read the court decisionRead the full story...Reprinted courtesy of
The Law Office of Christopher G. HillMr. Hill may be contacted at
chrisghill@constructionlawva.com
Keeping KeyArena's Landmark Lid Overhead at Climate Pledge Arena Redevelopment Is A 22,000-Ton Balancing Act
November 30, 2020 —
Nadine M. Post - Engineering News-RecordMost contractors would jump at the chance to have a roof overhead during a major rebuild. But for the team turning earthquake-prone Seattle’s 411,000-sq-ft KeyArena into the 932,000-sq-ft Climate Pledge Arena, the city-owned facility’s historic helmet has been a 44-million-lb design and construction headache.
Reprinted courtesy of
Nadine M. Post, Engineering News-Record
Ms. Post may be contacted at postn@enr.com
Read the full story... Read the court decisionRead the full story...Reprinted courtesy of
First-Time Buyers Shut Out of Expanding U.S. Home Supply
August 13, 2014 —
Prashant Gopal – BloombergThe four-bedroom house that Ilia Nielsen-Dembe purchased in west Denver earlier this year wasn’t her top choice. The first-time buyer had to settle on a home in a neighborhood with a high crime rate after losing out on bids for five properties in more desirable areas.
“I definitely sacrificed in terms of location,” said Nielsen-Dembe, 33, who lives with her husband and two daughters in the house she bought in April for $184,500. “I had to cross streets that were not ideal in order to get a house.”
While the supply of U.S. homes for sale is at an almost two-year high and price gains are moderating, buyers such as Nielsen-Dembe wouldn’t know it. An inventory crunch for entry-level houses has only worsened during the past year as discounted foreclosures become scarce and cash-paying investors snap up affordable listings to convert to rentals. Properties at the lower end of the market are also the most likely to have underwater mortgages, keeping would-be sellers from moving.
Read the court decisionRead the full story...Reprinted courtesy of
Prashant Gopal, BloombergMr. Gopal may be contacted at
pgopal2@bloomberg.net
Denver’s Mayor Addresses Housing and Modifying Construction Defect Law
July 16, 2014 —
Beverley BevenFlorez-CDJ STAFFDuring his State of the City Address, Mayor Michael Hancock discussed housing, specifically calling “on the state legislature to modify a construction defects law,” according to KWGN news.
“…it is my sincere hope that the 2015 State Legislature will recognize the chilling effect the construction defects law has on the for sale condo market,” Hancock stated, as reported in The Denver Post. “I encourage lawmakers to modify the law so that we can experience the full potential of housing in metro Denver.”
Hancock also claimed that though the population has increased, the “housing stock has not kept pace,” according to KWGN. “This gap is exacerbated by rising home prices, which are good news for homeowners and our local economy, but a challenge for many residents and families.”
Read the full story, KWGN...
Read the full story, Denver Post... Read the court decisionRead the full story...Reprinted courtesy of
The Sensible Resurgence of the Multigenerational Home
August 13, 2014 —
Chris Farrell – BloombergOne of the biggest fears spawned by the recession and subsequent up-and-down recovery is getting stuck at home. The commonly expressed concern is that millennials are too burdened with student debts and poor job prospects to make it on their own. According to the narrative of generational dependency, the resurgence in multigenerational living is a trend hardly worth celebrating.
Or is it? Yes, many young college graduates have faced tough economic circumstances in recent years. But the trend toward embracing the multigenerational home began well before the Great Recession, suggesting something else is at work. A record 57 million Americans, or 18.1 percent of the population, lived in a multigenerational household in 2012, according to a Pew Research report, “In Post-Recession Era, Young Adults Drive Continuing Rise in Multi-Generational Living,” released on June 17, 2014. (You can include the First Family among the multigenerational households.) That’s up from 28 million, or 12.1 percent of the population, in 1980. Equally impressive, the return of the multigenerational household marks a striking reversal of the post-World War II decline. In 1940, 24.7 percent of the population resided in a multigenerational home, a living arrangement that bottomed in the early 1980s.
Read the court decisionRead the full story...Reprinted courtesy of
Chris Farrell, Bloomberg
Antitrust Walker Process Claims Not Covered Under Personal Injury Coverage for Malicious Prosecution
May 18, 2020 —
Christopher Kendrick & Valerie A. Moore – Haight Brown & Bonesteel LLPIn Travelers Property Casualty Co. of America v. KLA-Tencor Corp. (No. H044890; filed 1/16/20, ord. pub. 2/13/20), a California appeals court ruled that commercial general liability insurance for personal and advertising injury, defined to include malicious prosecution, does not cover a Walker Process antitrust cause of action under the Sherman Act and the Clayton Act for using a fraudulently procured patent to attempt to monopolize the market.
Travelers insured KLA under commercial liability policies with coverage for personal and advertising injury liability, which was defined as “injury, other than ‘advertising injury’, caused by. . . (2) Malicious prosecution.”
Reprinted courtesy of
Christopher Kendrick, Haight Brown & Bonesteel LLP and
Valerie A. Moore, Haight Brown & Bonesteel LLP
Mr. Kendrick may be contacted at ckendrick@hbblaw.com
Ms. Moore may be contacted at vmoore@hbblaw.com
Read the court decisionRead the full story...Reprinted courtesy of
Construction Defect Fund Approved for Bankrupt Las Vegas Builder
February 11, 2013 —
CDJ STAFFA federal bankruptcy judge has given his approval to a fund set up to settle potential construction defect claims as a Las Vegas home builder, America West Development, works its way out of bankruptcy. The U.S. Trustee had objected to the trust fund's structure, and claimed that it was insufficiently independent from America West. Judge Mike Nakagawa found no legal objections to the trust.
The trust will be initially funded from $1.5 million of the $10 million that Lawrence Canarelli will be paying to buy back the company he founded. Construction defect claims against the company could possibly reach $20.9 million. The Las Vegas Review-Journal reports that the fund "could pick up funding from certain legal claims and insurance.
Read the court decisionRead the full story...Reprinted courtesy of
