Illinois’ first-of-its-kind legislation aimed at regulating the use of artificial intelligence in video interviews for Illinois-based positions goes into effect on January 1, 2020. The Artificial Intelligence Video Interview Act will make employers’ use of artificial intelligence to analyze applicant-submitted video interviews more complicated at a time when employers are increasingly relying on the technology to streamline the hiring process and support diversity initiatives. Despite the benefits of facial recognition technology, proponents of the law claim these technologies perpetuate gender, racial, age and other biases that can led to employment discrimination.
Continue Reading Stop the Camera! New Limits on Facial Recognition Technology for Interviews Take Effect in Illinois on January 1, 2020

To close out the 2019 legislative season, Governor Gavin Newsom signed dozens of bills into law, which will have lasting impacts for California employers. In addition to the summaries and clarifications from prior blog posts, below is an overview of key new employment laws.
Continue Reading 2020 Vision: California’s New Employment Laws

On October 11, 2019, California Gov. Gavin Newsom signed AB 25 into law, giving employees, applicants, independent contractors, emergency contacts and dependents new rights to privacy. As explained in our previous post—Employee Privacy by Design: Guidance for Employers Beginning to Comply with the California Consumer Privacy Act—the amendment to CCPA is a limited one-year reprieve for employers. Effective January 1, 2020, employers must provide disclosures to employees about the categories of personal information collected and its purpose. One year later, on January 1, 2021, all rights under CCPA will be provided, including the right to request access and the right to be forgotten. Below are a few quick points clarifying what AB 25 means for Human Resources professionals:
Continue Reading Big Bang! California Expands Employee Privacy Rights & Insights from the Office of Attorney General

On September 13, 2019, the California Senate and Assembly unanimously passed an amendment to the California Consumer Privacy Act (“CCPA”) that places onerous obligations on employers and entitles employees to statutory damages for data breaches.  The landmark measure—AB 25—awaits Governor Newsom’s signature (or veto).  Regardless of whether AB 25 is signed into law, CCPA applies to employee data and employers have until January 1, 2020 to comply.  This article explores how the California Consumer Privacy Act impacts existing employee privacy rights and how employers can begin to develop a holistic privacy compliance program.
Continue Reading Employee Privacy by Design: Guidance for Employers Beginning to Comply with the California Consumer Privacy Act

After Illinois passed its Biometric Information Privacy Act in 2008 (“BIPA”), other states have begun enacting legislation regulating business activities relating to biometric information. Texas and Washington were next, followed by California in 2018. Now, Massachusetts has proposed legislation regulating the use of a consumer’s personal and biometric information.

Bill SD.341, “an Act relative to consumer data privacy,” draws much of its language from the California Consumer Privacy Act of 2018 (“CCPA”), and also has some parallels to BIPA. However, there are several differences between the Bill and BIPA worth noting.
Continue Reading Proposed Massachusetts Consumer Data Privacy Law Takes Lessons From Illinois’ Biometric Law

The Illinois Supreme Court recently handed down its much-anticipated decision in Rosenbach v. Six Flags Entertainment Corporation et al., clarifying what makes someone “aggrieved” and able to bring a claim under the Illinois Biometric Information Privacy Act (“BIPA”). We have addressed this issue in prior blogs, including here and here. The Supreme Court has now held an individual need not allege some actual injury or adverse effect to be “aggrieved” and have statutory standing. An individual can state a BIPA claim simply by alleging an entity’s failure to follow the statute’s notice and consent requirements.
Continue Reading Actual Injury Unnecessary to Sue Under Illinois Biometric Law

On November 20, 2018, the Illinois Supreme Court heard oral arguments in Rosenbach v. Six Flags Entertainment Corp. and Great America LLC to decide whether a technical violation of Illinois’ Biometric Information Privacy Act (BIPA), 740 ILCS 14 et seq., without some additional injury, is enough to give an individual standing to sue under the Act.

As explained in further detail here, BIPA establishes certain notice-and-consent requirements that private entities must follow if they are going to collect, store, and use biometric identifiers and information, such as fingerprints. BIPA also creates a private right of action for individuals who are “aggrieved” by a violation of the act. In recent years, there has been a huge upswing in the number of cases filed under BIPA. The main issue these cases encounter early on is whether a company’s mere technical violation of the notice-and-consent requirements is enough to make a plaintiff “aggrieved,” and therefore have standing to sue, or if additional injury is required.


Continue Reading The Fight Over Standing Under the Biometric Information Privacy Act Continues in Illinois High Court

The legalization of recreational use of marijuana in several states, including California, has left many employment policies vague and confused. This article offers insights to questions every employer should be asking in light of legalization.

California’s Rollout of Legal Marijuana

California voters passed the Adult Use of Marijuana Act (“Prop 64”) on November 8, 2016, legalizing recreational marijuana use. However, the California Bureau of Cannabis Control only began accepting, processing, and issuing licenses to commercial marijuana dispensaries as of January 1, 2018. As of April 2018, the Bureau has granted over 5,000 licenses for a variety of commercial uses, including retail sales and distribution.
Continue Reading It’s High Time to Update Your Marijuana Policies

In recent years, the use of biometrics in business has been growing. In the employment context, for example, some employers use biometric time clocks, which allow employees to “clock in” with a fingerprint or iris scan. Unlike a password or social security number, however, an individual’s biometric identifier or information cannot be changed or replaced if compromised. In the event of a data breach, individuals may have no recourse against identity theft, due to the biologically unique nature of biometrics.
Continue Reading Actual Injury Required to Sue Under Illinois Biometric Information Privacy Act

On August 29, 2013, New Jersey Governor Chris Christie signed into law a new measure prohibiting employers from requiring employees or job applicants to provide login information or allow employer access to their accounts on social media sites such as Facebook, Twitter, and YouTube. While, under the law, employers may still view any publicly available information, they may not compel employees to disclose account passwords or “friend” company personnel.


Continue Reading New Jersey Employers May Not “Like” State’s New Social Media “Privacy Settings”