Privacy In Pandemic: Senators Announce Covid-19 Data Privacy Bill
May 11, 2020 —
Kyle Janecek & Jeffrey Dennis – Newmeyer Dillion"Data! Data! Data!. . . I can't make bricks without clay." This classic statement from Sherlock Holmes in The Adventure of the Copper Beeches takes on a new meaning in the COVID-19 pandemic. With the plans to begin contact tracing the spread of the COVID-19 pandemic slowly moving towards the forefront, a valid and important issue presents itself: how do we treat and protect the data we so desperately need to trace, track, and address the pandemic? U.S. Senators Wicker, Thune, Moran, and Blackburn introduced a possible solution to this problem with the COVID-19 Consumer Data Protection Act, as announced on April 30, 2020. So what does the Act entail? What information is protected? What action would businesses need to take towards individuals, such as consumers or even employees, in order to comply with this new legislation?
WHAT IS THE COVID-19 CONSUMER DATA PROTECTION ACT?
The Act is meant to address the concern regarding data collection and privacy due to large companies, like Google and Apple, adjusting the software within their devices to facilitate digital contact tracing. The Act can be broken up into three parts - the treatment of information; the privacy notice requirements; and the transparency requirements.
First, the Act prohibits the collection, processing, or transfer of certain categories of data without notice and the affirmative express consent of the individual, in order to:
- Track the spread of COVID-19,
- Trace the spread of COVID-19 through contact tracing, or
- Determine compliance with social distancing guidelines without the requisite notice to individuals and their express consent.
To accomplish this, the Act also restricts entities in their ability to collect excessive information, stating that an entity cannot collect information beyond what is reasonably necessary to conduct any of the three COVID-19 related purposes listed in the statute. The entity must also provide reasonable administrative, technical, and physical data security policies and practices to protect the information collected. Furthermore, in the event that the entity stops using the information for any of the three COVID-19 purposes, it must delete or de-identify the information it has collected.
Next, the Act describes the requirements for notice to individuals. In order to legally collect, process or transfer the information, the entity needs to provide the consumer with prior notice of the purpose, processing, and transfer of the data through their privacy policy within 14 days of the enactment of the law. This policy would have to:
- Disclose the consumer's rights in a clear and conspicuous manner prior to or at the point of collection,
- Be available in a clear and conspicuous manner to the public,
- Include whether the entity will transfer any of the information it collects in order to track or trace COVID-19 or determine compliance with social distancing,
- Describe its data retention policy, and
- Generally describe its data security measures.
Notably, many of these are already requirements common to many privacy policies, including the disclosure regarding the transfer of an individual's information.
In addition, an individual must give their affirmative express consent to such collection, processing and transfer. In other words, an individual must "opt-in" to having their information collected. This would be done through a checked box or electronic signature, as the law prohibits entities from inferring consent through a failure by the individual to take an action stopping the collection. Furthermore, the individual would also need the ability to expressly withdraw their consent, with the entity then having to cease collection, processing, or transfer of the information within 14 days of the revocation. In essence, due to the restriction on transferal, this may result in businesses opting to delete or de-identify data upon a revocation.
Finally, the entity would have to abide by certain reporting and transparency requirements, namely a monthly public report stating how many individuals had information collected, processed or transferred, and describing the categories of the data collected, processed or transferred by the entity and why. This is akin to the California Consumer Privacy Act's treatment of categories of information, though it would require this information to be released on an ongoing, monthly basis.
WHAT DATA IS COVERED?
Notably, the Act only affects a very limited scope of data. The Act covers geolocation data (exact real-time locations), proximity data (approximated location data), and Personal Health Information (any genetic/diagnosis information that can identify someone). This could cover information like Bluetooth communication or real-time tracking based on a cell phone's geolocation features. Notably, Personal Health Information does not include any information that may be covered under HIPAA or the broader categorization of "Biometric" data (i.e. retinal scans, finger prints, etc). Furthermore, and more generally, "publicly available information" is excluded, which includes information from telephone books or online directories, the news media, "video, internet, or audio content" as well as "websites available to the general public on an unrestricted basis." The latter of which potentially would push any and all information made available through social media (i.e. Facebook or Twitter) into the definition of "publicly available information."
HOW IS IT ENFORCED?
Generally, the law would be enforced by the FTC, under the provisions regarding unfair or deceptive acts or practices, similar to other enforcement actions arising out of privacy policies. Notwithstanding, state attorney generals may also bring actions to enforce compliance and obtain damages, civil penalties, restitution, or other compensation on behalf of the residents of the state.
WHAT SHOULD MY COMPANY DO?
If your entity plans on collecting information for tracking COVID-19, measuring social distancing compliance, or contact tracing, it is advisable to include language in your privacy policy now. This could be as simple as adding an additional provision within your privacy policy stating that the entity will retain information to conduct one of the three COVID-19 purposes as laid out in the statute. In addition, this also means that should the entity collect and use employee information for contact tracing, tracking the spread of COVID-19 or ensuring compliance with social distancing measures, it will need to disclose some of the specifics of that process to the employees and have them opt-in for the process. Finally, for contact tracing purposes, any individual that shares their diagnosis will have to opt-in for the entity to legally collect, process, and transfer that information to others.
While the time to reach compliance is unknown, it is more important than ever to form a compliance plan for privacy legislation if you do not already have a plan in place. If you decide to prepare with us, our firm has created a 90 day California Consumer Privacy Act compliance program (which can be expedited) where our team will collaborate with you to determine a scalable, practical, and reasonable way for you to meet your needs, and we will provide a free initial consultation. For further inquiries or questions related to COVID-19, you can consult with a Task Force attorney by emailing NDCovid19Response@ndlf.com or contacting our office directly at 949-854-7000.
Kyle Janecek is an associate in the firm's Privacy & Data Security practice, and supports the team in advising clients on cyber related matters, including policies and procedures that can protect their day-to-day operations. For more information on how Kyle can help, contact him at kyle.janecek@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Job Gains a Positive for Housing
October 15, 2014 —
Beverley BevenFlorez-CDJ STAFFThe National Association of Home Builders’ Eye on Housing reported that there were 248,000 net jobs created in September, according to the Bureau of Labor Statistics (BLS): “August gains were revised from a disappointing 142,000 to a slightly better 180,000, while July’s tally was also revised from 212,000 to 243,000.”
Furthermore, “September was a promising month for residential construction employment. The BLS data reveal that home builders and remodelers added 11,800 positions last month. Over the last year, residential construction employment has expanded by 129,000 jobs.”
Read the court decisionRead the full story...Reprinted courtesy of
An Obligation to Provide Notice and an Opportunity to Cure May not End after Termination, and Why an Early Offer of Settlement Should Be Considered on Public Works Contracts
August 17, 2020 —
Jeff Kaatz - Ahlers Cressman & SleightIn 2015, the City of Puyallup (“City”) and Conway Construction Company (“Conway”) executed a public works contract for road improvements (“Project”). On March 9, 2016, approximately four months after work started on the Project, the City issued Conway a notice of suspension and breach of contract and identified nine defective and uncorrected work and safety concerns. Conway denied any wrongdoing, and on March 25, 2016, the City issued a notice of termination for default and withheld payments due to Conway.
Conway subsequently filed suit in Pierce County Superior Court and alleged the City’s termination for default breached the contract and sought a determination that the City’s termination for default was improper and should be deemed a termination for convenience. Conway sought approximately $1.25 million in damages and recovery of its attorney fees and costs. Following a bench trial, the Trial Court found the City breached the contract and awarded Conway damages, attorney fees, and costs. The City appealed.[1]
On appeal, after affirming the trial court’s determination that the City improperly terminated Conway, the Court of Appeals considered two other issues raised by the City. First, whether the City was entitled to a set-off for replacing defective work discovered after Conway was terminated. Second, whether Conway is entitled to attorney fees if it did not make the statutorily required offer of settlement per RCW 39.04.240.
Read the court decisionRead the full story...Reprinted courtesy of
Jeff Kaatz, Ahlers Cressman & SleightMr. Kaatz may be contacted at
Jeff.Kaatz@acslawyers.com
Important Information Regarding Colorado Mechanic’s Lien Rights.
November 07, 2012 —
David McLain, Colorado Construction LitigationWith payment problems in the construction economy having accelerated over the past few years, there has been a substantial increase in mechanic’s lien activity and associated litigation. The typical mechanic’s lien claimant is a material supplier, a trade subcontractor, or even a general contractor that has not been paid by the developer/owner of the construction project. The reason for filing a mechanic’s lien claim is that it offers the prospect in many cases to make the unpaid construction professional a priority creditor, with a lien on the real estate that is superior to the construction lender.
One of the primary rules governing a mechanic’s lien claim is that the creditor’s formal written “Notice of Intent to File a Mechanic’s Lien” (hereafter “Lien Notice”) must be (1) served on the owner of the property for which the work was done or the materials used, and (2) served at the same time on the general contractor who has handled the construction project. After the creditor has made service of the lien claim by USPS certified mail (using the green return receipt card for proof of service) or separate personal delivery of the notice to the property owner and general contractor, ten full days must pass (not including the date of mailing of the notices) before the lien notice is filed in the public records.
After ten days have expired following the date of mailing using certified mail, or personal delivery of the notice to the property owner and the general contractor, the lien notice can be filed to make the lien valid.
Read the court decisionRead the full story...Reprinted courtesy of
David M. McLain, Higgins, Hopkins, McLain & Roswell, LLC.Mr. McLain can be contacted at
mclain@hhmrlaw.com
Overruling Henkel, California Supreme Court Validates Assignment of Policies
October 02, 2015 —
Tred R. Eyerly – Insurance Law HawaiiIn a major ruling, the California Supreme Court applied a statutory provision to overrule its prior decision in Henkel Corp. v. Hartford Accident & Indemn. Co., 29 Cal. 4th 934 (2003) and ruled that liability policies can be assigned despite non-assignment provisions. See Fluor Corp. v. Superior Court, 2015 Cal. LEXIS 5631 (Cal. Aug. 20, 2015). The Hawaii Supreme Court relied on Henkel when it also found anti-consent provisions valid. See Del Monte Fresh Fresh Produce (Hawaii), Inc. v. Fireman's Fund Ins. Co., 117 Haw. 357, 183 P.3d 734 (2007) [see posts here and here].
For decades, Fluor Corporation performed engineering, procurement, and construction (EPC) operations through various corporate entities and subsidiaries. Beginning in 1971, Hartford issued up to 11 CGL policies to Fluor from 1971 to 1986. Each policy contained a consent-to-assignment clause reading: "Assignment of interest under the policy shall not bind the Company until its consent is endorsed hereon."
Beginning in the mid-1980s, Fluor Corporation was sued in numerous lawsuits claiming personal injury from asbestos exposure. Fluor Corporation tendered the early lawsuits to Hartford, which accepted the defense. Fluor Corporation subsequently went through a reverse spinoff under which a newly formed subsidiary, Fluor 2, took over the continuation of the company's EPC businesses. The original Fluor transferred all of its EPC-related assets and liabilities to Fluor-2, making Fluor-2 the parent of the EPC subsidiaries. The transaction did not except any insurance rights from the transfer of "any and all" assets.
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly, Insurance Law HawaiiMr. Eyerly may be contacted at
te@hawaiilawyer.com
Is New York Heading for a Construction Defect Boom?
March 12, 2015 —
Beverley BevenFlorez-CDJ STAFFThe New York Times reported that “[t]here is growing concern that some developers are repeating the mistakes of the last housing boom and delivering substandard product.”
“My phone is ringing already on projects that were just completed,” Steven D. Sladkus, a Manhattan real estate lawyer who says his firm has dozens of active construction defect cases, told the New York Times. “Uh-oh, here we go again.”
Recent data shows a rising trend of building plans in New York: “Last year, the city issued construction permits for 20,300 units of housing, according to the Real Estate Board of New York. And the state attorney general’s office received submissions for 263 offering plans for condo conversions and new construction in 2014, up from 184 in 2011. Those numbers will most likely grow in 2015, encouraged by Mayor Bill de Blasio’s push to build more housing.”
Read the court decisionRead the full story...Reprinted courtesy of
White and Williams Lawyers Recognized by Best Lawyers
August 26, 2015 —
White and Williams LLPTwelve White and Williams lawyers have been listed in The Best Lawyers in America 2016. Inclusion in Best Lawyers is based entirely on peer-review. The methodology is designed to capture the consensus opinion of leading lawyers about the professional abilities of their colleagues within the same geographical area and legal practice area. Best Lawyers employs a sophisticated, conscientious, rational, and transparent survey process designed to elicit meaningful and substantive evaluations of the quality of legal services.
2016 Best Lawyers
Attorney / Practice Area
Frank Bruno / Patent Law
James Coffey / Mergers and Acquisitions Law
Timothy Davis / Real Estate Law
Joseph Foster / Personal Injury Litigation - Defendants
William Hussey / Tax Law; Trusts and Estates
Michael Kraemer / Employment Law - Management; Labor Law; Management; Litigation - Labor and Employment
Randy Maniloff / Insurance Law
John Orlando / Personal Injury Litigation - Defendants
Thomas Rogers / Real Estate Law
Joan Rosoff / Real Estate Law
Craig Stewart / Insurance Law; Product Liability - Defendants
William Taylor / Construction Law
Read the court decisionRead the full story...Reprinted courtesy of
You may contact White and Williams LLP attorneys at www.whiteandwilliams.com
NYC-N.J. Gateway Rail-Tunnel Work May Start in 2023
March 28, 2022 —
Elise Young - BloombergThe $12.3 billion Gateway rail tunnel linking New York City and New Jersey has reached a major preconstruction milestone with the completion of geotechnical studies necessary for the engineering phase.
The analysis of rock and silt from 75 earth samples on both sides of the Hudson River marks the latest in a series of swift leaps toward a potential 2023 start date. The project had been delayed years by former President Donald Trump, who had argued that costs should be covered solely by the states, not U.S. taxpayers.
The samples, from depths of 48 feet to 505 feet (14.6 meters to 154 meters), will guide design, according to the Gateway Development Commission, the project’s overseer. Some areas of particular interest to the researchers were on Manhattan’s West Side, parts of which were underwater before landfill was added many years ago.
Read the court decisionRead the full story...Reprinted courtesy of
Elise Young, Bloomberg