Privacy In Pandemic: Senators Announce Covid-19 Data Privacy Bill
May 11, 2020 —
Kyle Janecek & Jeffrey Dennis – Newmeyer Dillion"Data! Data! Data!. . . I can't make bricks without clay." This classic statement from Sherlock Holmes in The Adventure of the Copper Beeches takes on a new meaning in the COVID-19 pandemic. With the plans to begin contact tracing the spread of the COVID-19 pandemic slowly moving towards the forefront, a valid and important issue presents itself: how do we treat and protect the data we so desperately need to trace, track, and address the pandemic? U.S. Senators Wicker, Thune, Moran, and Blackburn introduced a possible solution to this problem with the COVID-19 Consumer Data Protection Act, as announced on April 30, 2020. So what does the Act entail? What information is protected? What action would businesses need to take towards individuals, such as consumers or even employees, in order to comply with this new legislation?
WHAT IS THE COVID-19 CONSUMER DATA PROTECTION ACT?
The Act is meant to address the concern regarding data collection and privacy due to large companies, like Google and Apple, adjusting the software within their devices to facilitate digital contact tracing. The Act can be broken up into three parts - the treatment of information; the privacy notice requirements; and the transparency requirements.
First, the Act prohibits the collection, processing, or transfer of certain categories of data without notice and the affirmative express consent of the individual, in order to:
- Track the spread of COVID-19,
- Trace the spread of COVID-19 through contact tracing, or
- Determine compliance with social distancing guidelines without the requisite notice to individuals and their express consent.
To accomplish this, the Act also restricts entities in their ability to collect excessive information, stating that an entity cannot collect information beyond what is reasonably necessary to conduct any of the three COVID-19 related purposes listed in the statute. The entity must also provide reasonable administrative, technical, and physical data security policies and practices to protect the information collected. Furthermore, in the event that the entity stops using the information for any of the three COVID-19 purposes, it must delete or de-identify the information it has collected.
Next, the Act describes the requirements for notice to individuals. In order to legally collect, process or transfer the information, the entity needs to provide the consumer with prior notice of the purpose, processing, and transfer of the data through their privacy policy within 14 days of the enactment of the law. This policy would have to:
- Disclose the consumer's rights in a clear and conspicuous manner prior to or at the point of collection,
- Be available in a clear and conspicuous manner to the public,
- Include whether the entity will transfer any of the information it collects in order to track or trace COVID-19 or determine compliance with social distancing,
- Describe its data retention policy, and
- Generally describe its data security measures.
Notably, many of these are already requirements common to many privacy policies, including the disclosure regarding the transfer of an individual's information.
In addition, an individual must give their affirmative express consent to such collection, processing and transfer. In other words, an individual must "opt-in" to having their information collected. This would be done through a checked box or electronic signature, as the law prohibits entities from inferring consent through a failure by the individual to take an action stopping the collection. Furthermore, the individual would also need the ability to expressly withdraw their consent, with the entity then having to cease collection, processing, or transfer of the information within 14 days of the revocation. In essence, due to the restriction on transferal, this may result in businesses opting to delete or de-identify data upon a revocation.
Finally, the entity would have to abide by certain reporting and transparency requirements, namely a monthly public report stating how many individuals had information collected, processed or transferred, and describing the categories of the data collected, processed or transferred by the entity and why. This is akin to the California Consumer Privacy Act's treatment of categories of information, though it would require this information to be released on an ongoing, monthly basis.
WHAT DATA IS COVERED?
Notably, the Act only affects a very limited scope of data. The Act covers geolocation data (exact real-time locations), proximity data (approximated location data), and Personal Health Information (any genetic/diagnosis information that can identify someone). This could cover information like Bluetooth communication or real-time tracking based on a cell phone's geolocation features. Notably, Personal Health Information does not include any information that may be covered under HIPAA or the broader categorization of "Biometric" data (i.e. retinal scans, finger prints, etc). Furthermore, and more generally, "publicly available information" is excluded, which includes information from telephone books or online directories, the news media, "video, internet, or audio content" as well as "websites available to the general public on an unrestricted basis." The latter of which potentially would push any and all information made available through social media (i.e. Facebook or Twitter) into the definition of "publicly available information."
HOW IS IT ENFORCED?
Generally, the law would be enforced by the FTC, under the provisions regarding unfair or deceptive acts or practices, similar to other enforcement actions arising out of privacy policies. Notwithstanding, state attorney generals may also bring actions to enforce compliance and obtain damages, civil penalties, restitution, or other compensation on behalf of the residents of the state.
WHAT SHOULD MY COMPANY DO?
If your entity plans on collecting information for tracking COVID-19, measuring social distancing compliance, or contact tracing, it is advisable to include language in your privacy policy now. This could be as simple as adding an additional provision within your privacy policy stating that the entity will retain information to conduct one of the three COVID-19 purposes as laid out in the statute. In addition, this also means that should the entity collect and use employee information for contact tracing, tracking the spread of COVID-19 or ensuring compliance with social distancing measures, it will need to disclose some of the specifics of that process to the employees and have them opt-in for the process. Finally, for contact tracing purposes, any individual that shares their diagnosis will have to opt-in for the entity to legally collect, process, and transfer that information to others.
While the time to reach compliance is unknown, it is more important than ever to form a compliance plan for privacy legislation if you do not already have a plan in place. If you decide to prepare with us, our firm has created a 90 day California Consumer Privacy Act compliance program (which can be expedited) where our team will collaborate with you to determine a scalable, practical, and reasonable way for you to meet your needs, and we will provide a free initial consultation. For further inquiries or questions related to COVID-19, you can consult with a Task Force attorney by emailing NDCovid19Response@ndlf.com or contacting our office directly at 949-854-7000.
Kyle Janecek is an associate in the firm's Privacy & Data Security practice, and supports the team in advising clients on cyber related matters, including policies and procedures that can protect their day-to-day operations. For more information on how Kyle can help, contact him at kyle.janecek@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
EEOC Builds on Best Practice Guidance Regarding Harassment Within the Construction Industry
August 12, 2024 —
Abby M. Warren & Christohper A. Costain - Construction Law ZoneIn June 2024, the Equal Employment Opportunity Commission (EEOC) issued
guidance tailored to the construction industry concerning harassment in the workplace or at the jobsite. The guidance is important for construction industry leaders and employers to understand how to prevent and remedy harassment in the workplace — more than a third of all EEOC discrimination charges filed between 2019 and 2023 asserted harassment. The guidance represents the EEOC’s latest effort in executing its Strategic Enforcement Plan for Fiscal Years 2024 to 2028, which, in part, focuses on combatting systemic harassment and eliminating barriers in recruitment and hiring, particularly for underrepresented groups in certain industries, including women in construction, through the EEOC’s enforcement efforts. In this article, we highlight key principles and practices from this guidance
Leadership and Accountability
The guidance reiterates that consistent and demonstrated leadership is critical to creating and maintaining a workplace culture where harassment is unacceptable and strictly prohibited. Worksite leaders, including project owners, crew supervisors, and union stewards, are each expected to regularly communicate that harassment is intolerable through several suggested efforts.
Reprinted courtesy of
Abby M. Warren, Robinson+Cole and
Christohper A. Costain, Robinson+Cole
Ms. Warren may be contacted at awarren@rc.com
Mr. Costain may be contacted at ccostain@rc.com
Read the court decisionRead the full story...Reprinted courtesy of
Solar Energy Isn’t Always Green
August 27, 2014 —
Beverley BevenFlorez-CDJ STAFFIEEE Spectrum reported that photovoltaics, used in Solar Energy, “varies substantially by technology and geography” and some emit chemical pollution. However, IEE Spectrum stated that “the industry could readily eliminate many of the damaging side effects that do exist.”
One challenge is that “nearly half the world’s photovoltaics are manufactured in China” who, according to IEEE Spectrum, “typically [does] the worst job of protecting the environment and their workers.”
It is also difficult for consumers to make choices based upon photovoltaic manufacturer practices, since solar energy doesn’t have a formal ecolabel like Energy Star, IEEE Spectrum reported.
Read the court decisionRead the full story...Reprinted courtesy of
John Paulson’s $1 Billion Caribbean Empire Faces Betrayal
November 27, 2023 —
Jim Wyss & Tom Maloney - BloombergIn the decade since hedge fund billionaire John Paulson took a grand gamble on Puerto Rico, he’s faced the wrath of the markets and mother nature.
He’s navigated hurricanes, earthquakes, the pandemic and the largest municipal bankruptcy in US history to amass a portfolio of luxury hotels and resorts, high-end office blocks, and auto dealerships catering to the island’s rich.
Now, just a few months after breaking ground on one of San Juan’s tallest and most exclusive residential towers, Paulson is facing a new wave of threats: lawsuits that strike at the heart of his Caribbean empire.
Reprinted courtesy of
Jim Wyss, Bloomberg and
Tom Maloney, Bloomberg Read the court decisionRead the full story...Reprinted courtesy of
Before Celebrating the Market Rebound, Builders Need to Read the Fine Print: New Changes in Construction Law Coming Out of the Recession
November 26, 2014 —
Alan H. Packer - Newmeyer & Dillion, LLPAs the homebuilding market continues to improve, many builders find themselves maneuvering familiar roads. That said, important new realities have taken hold since the market collapse. Navigating these changes requires extra thought for practical and legal reasons.
Using Old Designs “Off the Shelf”?
The adoption of the California Building Standards Code in 2010, with an updated schedule to go into effect January 1, may complicate the use of older designs. In addition, some builders are contemplating building on pads constructed five or more years ago, temporarily shelved until market conditions improved. Because of changes in both the applicable Code and due to possible changes in the underlying soils and drainage, these projects require additional scrutiny before starting construction.
Mechanic’s Lien Law Changes
Not too long ago, the California Legislature recently overhauled the entire mechanic’s lien law system in California. New forms, new statutory references, new rules and deadlines are all applicable to projects under construction now. Make sure your documents are up to date, as the use of older forms (particularly for liens, progress payments, and final payments) could create legal problems in the future.
Indemnity Law Changes
Since 2006, California lawmakers have passed four rounds of legislation aimed at limiting indemnity provisions in construction contracts. The laws are aimed at two aspects of indemnity law: “Type 1” indemnity provisions, and liability for the costs of defending a claim.
Type 1 Indemnity. California law previously permitted a builder to obtain “Type 1” indemnity from its subcontractors for all claims. Under a Type 1 provision, if a claim arose out of the trade’s work, the trade was fully responsible to defend and indemnify the builder – even if other trades or the Builder were partially at fault. Some cases even allowed, typically in a commercial context, the builder to obtain Type 1 indemnity even if the trade was not negligent, as long as the claim involved its work.
Defense Obligation. In 2008, California’s highest court issued an opinion in Crawford v. Weather Shield, evaluating an indemnity provision requiring trade (a window supplier/manufacturer) to defend the builder in claims involving allegations of damages arising out of the trade’s work. Because the trade had contractually agreed to defend the builder, the Court held it responsible for the builder’s defense costs -- even though, ultimately, the trade was found
not liable for the actual damages claimed.
Recent legislation after Crawford has dramatically shifted how indemnity provisions will be enforced. Builders may no longer obtain Type 1 indemnity for residential construction defect claims covered by SB800; instead, indemnity is limited to the extent a claim arises out of the trade’s work. Even more recent legislation applied these changes to claims arising out of commercial construction projects. The recent legislation allows the trades “options” on how to defend the builder, with an eye toward requiring that they pay only a “reasonably allocated” portion for the builder’s defense costs.
Smart builders are refining their contract documents to take into account these new limitations on indemnity provisions.
Insurance Market Changes
Due to uncertainties in subcontractor insurance and other factors, many builders have also converted their liability insurance from a “bring your own” model to “wrap-up” insurance, where the builder’s policy also covers their trades. Builders should carefully examine their subcontracts in light of this change as well.
Trade Partner Changes
On a practical level, many trade partners, particularly in the residential sector, have gone out of business or moved on to greener pastures. Builders need to find and negotiate contracts with new trade partners on the fly, and educate them on the builders’ procedures for payment and construction.
SB800 documentation
A decade ago, most builders updated their purchase documents and subcontracts for California’s “Right to Repair Law” (also known as SB800), which set forth functionality standards for construction defects in residential housing, and procedures for resolving claims prior to litigation. Builders ramping up to meet market demand should examine how they implemented SB800 changes in contract documents. Issues to consider:
- Whether to opt out of -- or back into -- statutory procedures.
- Whether to include arbitration or judicial reference provisions to control where claims are litigated after the SB800 process.
- Re-training personnel to preserve SB800 rights, including sign-offs on purchase documentation and recordation of key documents.
- Recent Court of Appeal decisions have complicated the SB800 landscape, potentially opening the door to “common law” tort claims in at least subrogation contexts. Strategic planning at the document stage may be a good way to mitigate this risk as the cases wind their way through the judicial process.
The continuing surge in building activity is a welcome sign for builders who have weathered the storm. Before taking too many steps, builders should consult with counsel, their designers, and their insurance advisors to take into account the new realities of this recovering housing market.
About the Author
Alan H. Packer is a partner in the expanding Walnut Creek, CA, office of the law firm of
Newmeyer & Dillion LLP whose specialties include real estate, insurance, and construction litigation. To reach Alan, call 925.988.3200 or email him at alan.packer@ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
OSHA COVID-19 Vaccination and Testing ETS Unveiled
November 19, 2021 —
Donna Reichle - Construction ExecutiveAssociated Builders and Contractors today released the following statement on the Occupational Safety and Health Administration’s issuance of its COVID-19 vaccination and testing Emergency Temporary Standard, which applies to employers with 100 or more employees as required by President Biden’s Path Out of the Pandemic COVID-19 Action Plan.
“The OSHA ETS is likely to increase compliance costs and cause regulatory burdens that will exacerbate several headwinds facing the construction industry—which is currently facing a workforce shortage of 430,000, escalating materials prices and supply chain bottlenecks—and the American economy,” says Ben Brubeck, ABC vice president of regulatory, labor and state affairs. “We are currently reviewing the 490-page rule and related documents from the Biden-Harris administration in order to thoroughly evaluate its impact on our membership and the construction industry.”
Reprinted courtesy of
Donna Reichle, Construction Executive, a publication of Associated Builders and Contractors. All rights reserved.
Read the court decisionRead the full story...Reprinted courtesy of
Ms. Reichle may be contacted at
reichle@abc.org
The Enforceability of “Pay-If-Paid” Provisions Affirmed in New Jersey
January 04, 2023 —
Levi W. Barrett, Michael S. Zicherman & Brian Glicos - Peckar & Abramson, P.C.On December 7, 2022, the Appellate Division affirmed the New Jersey Superior Court decision in Jersey Precast v. Tricon Enterprises, Inc. et al., finding that the “pay-if-paid” clause in a material supplier’s purchase order with a general contractor was binding and enforceable. While clauses conditioning a general contractor’s obligation to pay its subcontractors on the general contractor’s receipt of payment from the project owner are not unique – this is the first time that a court in New Jersey has affirmed this practice in a published opinion. [1]
Background
The general contractor, Tricon, sent Jersey Precast its standard form purchase order for the supply of prestressed box beams to fulfill a public improvement contract with Union County. The reverse side of the form purchase order contained standard terms and conditions, and included a pay-if-paid clause drafted by Michael Zicherman, a partner of Peckar & Abramson, P.C. While Jersey Precast provided some draft revisions to the terms and conditions, Tricon never signed the purchase order and the proposed revisions were never accepted. Significantly, Jersey Precast did not attempt to modify the pay-if-paid provision. It later developed that the construction of the project became impossible, and the beams fabricated by Jersey Precast were not used. Tricon invoiced Union County for the cost of the beams, but the County failed to make payment and refused to accept delivery of the beams.
Reprinted courtesy of
Levi W. Barrett, Peckar & Abramson, P.C.,
Michael S. Zicherman, Peckar & Abramson, P.C. and
Brian Glicos, Peckar & Abramson, P.C.
Mr. Barrett may be contacted at lbarrett@pecklaw.com
Mr. Zicherman may be contacted at mzicherman@pecklaw.com
Mr. Glicos may be contacted at bglicos@pecklaw.com
Read the court decisionRead the full story...Reprinted courtesy of
Construction Defect Bill a Long Shot in Nevada
June 28, 2013 —
CDJ STAFFConstruction defect reform may still be on the table in Nevada, according to the Reno Gazette Journal. Assembly member Pat Hickey got a committee hearing for Assembly Bill 504 on Sunday. The bill is backed by the construction industry and opposed by trial lawyers. Hickey told the Assembly Commerce and Labor committee that “this bill is not perfect, I would like for it to do more,” and said that without changes Nevada will “continue to reward litigation over resolution.”
AB504 would, among other provisions, provide some protection to subcontractors from the actions of general contractors, though Ira Hansen, an assembly member from Sparks and the owner of a plumbing business, called it a “backhanded slap.” The Gazette noted that similar language pertaining to subcontractors was in AB367, which is sponsored by Democrats. Hickey and Hansen are both Republicans.
Read the court decisionRead the full story...Reprinted courtesy of
