Privacy In Pandemic: Senators Announce Covid-19 Data Privacy Bill
May 11, 2020 —
Kyle Janecek & Jeffrey Dennis – Newmeyer Dillion"Data! Data! Data!. . . I can't make bricks without clay." This classic statement from Sherlock Holmes in The Adventure of the Copper Beeches takes on a new meaning in the COVID-19 pandemic. With the plans to begin contact tracing the spread of the COVID-19 pandemic slowly moving towards the forefront, a valid and important issue presents itself: how do we treat and protect the data we so desperately need to trace, track, and address the pandemic? U.S. Senators Wicker, Thune, Moran, and Blackburn introduced a possible solution to this problem with the COVID-19 Consumer Data Protection Act, as announced on April 30, 2020. So what does the Act entail? What information is protected? What action would businesses need to take towards individuals, such as consumers or even employees, in order to comply with this new legislation?
WHAT IS THE COVID-19 CONSUMER DATA PROTECTION ACT?
The Act is meant to address the concern regarding data collection and privacy due to large companies, like Google and Apple, adjusting the software within their devices to facilitate digital contact tracing. The Act can be broken up into three parts - the treatment of information; the privacy notice requirements; and the transparency requirements.
First, the Act prohibits the collection, processing, or transfer of certain categories of data without notice and the affirmative express consent of the individual, in order to:
- Track the spread of COVID-19,
- Trace the spread of COVID-19 through contact tracing, or
- Determine compliance with social distancing guidelines without the requisite notice to individuals and their express consent.
To accomplish this, the Act also restricts entities in their ability to collect excessive information, stating that an entity cannot collect information beyond what is reasonably necessary to conduct any of the three COVID-19 related purposes listed in the statute. The entity must also provide reasonable administrative, technical, and physical data security policies and practices to protect the information collected. Furthermore, in the event that the entity stops using the information for any of the three COVID-19 purposes, it must delete or de-identify the information it has collected.
Next, the Act describes the requirements for notice to individuals. In order to legally collect, process or transfer the information, the entity needs to provide the consumer with prior notice of the purpose, processing, and transfer of the data through their privacy policy within 14 days of the enactment of the law. This policy would have to:
- Disclose the consumer's rights in a clear and conspicuous manner prior to or at the point of collection,
- Be available in a clear and conspicuous manner to the public,
- Include whether the entity will transfer any of the information it collects in order to track or trace COVID-19 or determine compliance with social distancing,
- Describe its data retention policy, and
- Generally describe its data security measures.
Notably, many of these are already requirements common to many privacy policies, including the disclosure regarding the transfer of an individual's information.
In addition, an individual must give their affirmative express consent to such collection, processing and transfer. In other words, an individual must "opt-in" to having their information collected. This would be done through a checked box or electronic signature, as the law prohibits entities from inferring consent through a failure by the individual to take an action stopping the collection. Furthermore, the individual would also need the ability to expressly withdraw their consent, with the entity then having to cease collection, processing, or transfer of the information within 14 days of the revocation. In essence, due to the restriction on transferal, this may result in businesses opting to delete or de-identify data upon a revocation.
Finally, the entity would have to abide by certain reporting and transparency requirements, namely a monthly public report stating how many individuals had information collected, processed or transferred, and describing the categories of the data collected, processed or transferred by the entity and why. This is akin to the California Consumer Privacy Act's treatment of categories of information, though it would require this information to be released on an ongoing, monthly basis.
WHAT DATA IS COVERED?
Notably, the Act only affects a very limited scope of data. The Act covers geolocation data (exact real-time locations), proximity data (approximated location data), and Personal Health Information (any genetic/diagnosis information that can identify someone). This could cover information like Bluetooth communication or real-time tracking based on a cell phone's geolocation features. Notably, Personal Health Information does not include any information that may be covered under HIPAA or the broader categorization of "Biometric" data (i.e. retinal scans, finger prints, etc). Furthermore, and more generally, "publicly available information" is excluded, which includes information from telephone books or online directories, the news media, "video, internet, or audio content" as well as "websites available to the general public on an unrestricted basis." The latter of which potentially would push any and all information made available through social media (i.e. Facebook or Twitter) into the definition of "publicly available information."
HOW IS IT ENFORCED?
Generally, the law would be enforced by the FTC, under the provisions regarding unfair or deceptive acts or practices, similar to other enforcement actions arising out of privacy policies. Notwithstanding, state attorney generals may also bring actions to enforce compliance and obtain damages, civil penalties, restitution, or other compensation on behalf of the residents of the state.
WHAT SHOULD MY COMPANY DO?
If your entity plans on collecting information for tracking COVID-19, measuring social distancing compliance, or contact tracing, it is advisable to include language in your privacy policy now. This could be as simple as adding an additional provision within your privacy policy stating that the entity will retain information to conduct one of the three COVID-19 purposes as laid out in the statute. In addition, this also means that should the entity collect and use employee information for contact tracing, tracking the spread of COVID-19 or ensuring compliance with social distancing measures, it will need to disclose some of the specifics of that process to the employees and have them opt-in for the process. Finally, for contact tracing purposes, any individual that shares their diagnosis will have to opt-in for the entity to legally collect, process, and transfer that information to others.
While the time to reach compliance is unknown, it is more important than ever to form a compliance plan for privacy legislation if you do not already have a plan in place. If you decide to prepare with us, our firm has created a 90 day California Consumer Privacy Act compliance program (which can be expedited) where our team will collaborate with you to determine a scalable, practical, and reasonable way for you to meet your needs, and we will provide a free initial consultation. For further inquiries or questions related to COVID-19, you can consult with a Task Force attorney by emailing NDCovid19Response@ndlf.com or contacting our office directly at 949-854-7000.
Kyle Janecek is an associate in the firm's Privacy & Data Security practice, and supports the team in advising clients on cyber related matters, including policies and procedures that can protect their day-to-day operations. For more information on how Kyle can help, contact him at kyle.janecek@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Short-Term Rental Legislation & Litigation On the Way!
November 18, 2019 —
Patrick J. Paul - Snell & Wilmer Real Estate Litigation BlogThe advent of the shared economy in the real estate context has provided homeowners and investors alike with expanded opportunities to generate revenue from the use of their real estate. Airbnb and VRBO are two of the most popular companies facilitating short-term rental availability. The rapid growth in this shared real estate economy has served as a disruptor of sorts to the traditional hotel and hospitality industry, causing that industry to revisit its own models in order to better compete.
The popularity of short-term rental use, however, has created a whole new set of problems about which property owners, state and local governments, renters, and those impacted by the explosion of short-term rentals should be aware. Among other things, without more, most traditional homeowners’ policies will not cover the insured property’s use for commercial purposes – a problem similar to the early rideshare providers.
Full and part-time resident owners who previously enjoyed a greater certainty with respect to their neighbors are today frustrated by the revolving door of vacationers, revelers, wedding attendees and similar nontraditional uses of neighborhood residential property.
Read the court decisionRead the full story...Reprinted courtesy of
Patrick J. Paul, Snell & WilmerMr. Paul may be contacted at
ppaul@swlaw.com
'Regluing' Oregon State's Showcase for Mass Timber
September 17, 2018 —
Nadine M. Post - Engineering News-RecordThe tally of how many defective cross-laminated timber panels need replacement on a $79-million college of forestry building under construction at Oregon State University is almost complete, nearly six months after two layers of a seven-layer CLT floor panel, 30 ft x 4 ft, came unglued and crashed 14 ft from the third to the second floor of the three-story building.
Read the court decisionRead the full story...Reprinted courtesy of
Nadine M. Post, ENRMs. Post may be contacted at
postn@enr.com
Wall Failure Due to Construction Defect Says Insurer
October 09, 2013 —
CDJ STAFFA wall built by J. F. Smith Construction collapsed during Hurricane Isaac, and Bankers Insurance Group is blaming the builder not the hurricane. The insurer claims that if the wall had been built properly it would have withstood the storm. The suit is being filed in the Louisiana courts. Bankers Insurance is seeking $49,625.25 in damages.
Read the court decisionRead the full story...Reprinted courtesy of
Construction Trust Fund Statutes: Know What’s Required in the State Where Your Project Is Underway
June 22, 2020 —
Christopher D. Cazenave - ConsensusDocsConstruction trust fund statutes have been around for decades. At least 15 states have passed similar statutes. Other states, but not all, do not have an express statute but have interpreted state law to hold that payments received by a general contractor and deposited in a business account establishes a “trust fund.” See e.g., Cal. Bus. & Prof. Code § 7108.
The purpose of these laws is straightforward—protect contractors and suppliers against nonpayment for the labor and materials provided for the construction or repair of property. But while the purpose is straightforward, each state’s law differs by imposing different requirements, different privileges, and different remedies. This article provides an overview of how these statutes work as well as a sampling of important requirements and potential pitfalls that you should look out for when a construction trust fund statute applies to your project.
Read the court decisionRead the full story...Reprinted courtesy of
Christopher D. Cazenave, Jones Walker LLPMr. Cazenave may be contacted at
ccazenave@joneswalker.com
Quick Note: Attorney’s Fees and the Significant Issues Test
November 03, 2016 —
David Adelstein – Florida Construction Legal UpdatesAttorney’s fees become a component of damages that parties seek to recover whenever there is a contractual or statutory basis for them to recover their fees. Parties want to be able to recover all or substantially most of the attorney’s fees they incurred in pursuing their claim. (In my experience, recovering all of the fees incurred is very challenging.) But, to be entitled to attorney’s fees, a party has to be deemed the
prevailing party. There is the sentiment that as long as you recover a positive net judgment (even if it is for $100 when your claim was for $50,000) then you will be able to recover your attorney’s fees which will likely exceed the amount that was ever in dispute.
Read the court decisionRead the full story...Reprinted courtesy of
David Adelstein, Katz, Barron, Squitero, Faust, Friedberg, English & Allen, P.A.Mr. Adelstein may be contacted at
dma@katzbarron.com
Loan Modifications Due to COVID-19 Pandemic: FDIC Answers CARES Act FAQs
May 11, 2020 —
Nancy Sabol Frantz, Marissa Levy, Timothy E. Davis & Kristen E. Andreoli - White and WilliamsIn support of financial institutions and borrowers during the COVID-19 pandemic, the newly enacted Coronavirus Aid, Relief, and Economic Security Act (CARES Act) includes a number of provisions permitting lenders to suspend, during a covered period, requirements under U.S. Generally Accepted Accounting Principles (GAAP) with respect to categorizing certain loan modifications as a troubled debt restructuring (TDR) due to COVID-19. In light of the CARES Act, the Federal Deposit Insurance Corporation (FDIC) issued a series of answers to FAQs for financial institutions with respect to loan modifications. The FAQs help guide lenders as well as borrowers as they address pending defaults under existing credit facilities. The FAQs encourage financial institutions to work with borrowers who may be unable to meet their payment obligations due to COVID-19 in several ways:
Payment Accommodations
Short-term accommodations which modify, extend, suspend or defer repayment terms should be intended to facilitate the borrower’s ability to work through the immediate impact of the virus. According to the FAQs, all loan accommodation programs should ultimately be targeted towards repayment. To that end, the FDIC recommends that financial institutions address deferred or skipped payments by either extending the original maturity date or by making those payments due in a balloon payment at the maturity date of the loan.
Reprinted courtesy of White and Williams attorneys
Nancy Sabol Frantz,
Marissa Levy,
Timothy E. Davis and
Kristen E. Andreoli
Ms. Frantz may be contacted at frantzn@whiteandwilliams.com
Ms. Levy may be contacted at levymp@whiteandwilliams.com
Mr. Davis may be contacted at davist@whiteandwilliams.com
Ms. Andreoli may be contacted at andreolik@whiteandwilliams.com
Read the court decisionRead the full story...Reprinted courtesy of
Competition to Design Washington D.C.’s 11th Street Bridge Park
May 07, 2014 —
Beverley BevenFlorez-CDJ STAFFAccording to Architect Magazine, eighty landscape architecture and architecture firms (forty teams) submitted proposals to design the $25-million Washington D.C. 11th Street Bridge Park project. A jury has shortlisted six design teams: “Wallace Roberts & Todd (WRT)/Next Architects, Piet Oudolf with Glenn LaRue Smith/PUSH Studio/WXY Architecture + Urban Design, OLIN/OMA, Workshop: Ken Smith Landscape/Davis Brody Bond, Stoss Landscape Urbanism/Höweler + Yoon Architecture, and Balmori Associates/Cooper, Robertson & Partners.”
The “nonprofit Building Bridges Across the River at THEARC (Town Hall Education Arts Recreation Campus) and the District's Office of Planning” launched the competition in March of this year. Architect Magazine stated that “the goal of” the project is to unify “what some call a ‘long-divided city,’ by connecting Capitol Hill and Anacostia, the neighborhoods on either side of the river.”
Read the court decisionRead the full story...Reprinted courtesy of
