Posts

Showing posts with the label vendors

OCR Announces HIPAA Enforcement Action Against Self-Funded Group Health Plan

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently  announced  a HIPAA enforcement action against an employer-sponsored group health plan. The action resulted in a payment to HHS of $245,000 and a two-year corrective action plan. While HIPAA enforcement is common in the healthcare sector, actions directly against employer-sponsored group health plans are not as common. This case,  coupled with DOL guidance for ERISA fiduciaries concerning cybersecurity , underscores a growing regulatory focus not only on traditional healthcare entities, but also on the plans and ecosystems maintained by employers under ERISA. The Incident: Ransomware, Unauthorized Access, and Plan Data According to the breach notification sent to affected individuals, the plan sponsor experienced a security incident back in 2021 involving encryption of systems and unauthorized access to sensitive data . The data included names and Social Security numbers, along ...

New Lawsuit Highlights Concerns About AI Notetakers: 7 Steps Businesses Should Take

A new lawsuit just filed against Otter.ai underscores the legal and compliance risks companies face when using AI notetakers – and serves as a good reminder to deploy best practices to reduce your risks. The August 15 case alleges that Otter’s popular transcription tool secretly records conversations without proper consent and then uses that data to train its machine-learning models. While AI notetakers can boost productivity, they also raise privacy, security, and compliance questions . This Insight reviews the lawsuit, goes over key risks, and outlines seven practical steps businesses should take before relying on AI transcription tools. Case Summary:  Brewer v Otter.ai Court : US District Court, Northern District of California (5:25-cv-06911) Filed:  August 15 Judge:  Hon. Eumi K. Lee Complaint:  Available by  clicking here The consumer filed a proposed class action in California federal court against Otter.ai, maker of the widely used Otter Notetaker. The c...

Managing the Managers: Governance Risks and Considerations for Employee Monitoring Platforms

In today’s hybrid and remote work environment, organizations are increasingly turning to digital employee management platforms that promise productivity insights, compliance enforcement, and even behavioral analytics. These tools—offered by a growing number of vendors—can monitor everything from application usage and website visits to keystrokes, idle time, and screen recordings. Some go further, offering video capture, geolocation tracking, AI-driven risk scoring, sentiment analysis, and predictive indicators of turnover or burnout. While powerful, these platforms also carry real legal and operational risks if not assessed, configured, and governed carefully. Capabilities That Go Beyond Traditional Monitoring Modern employee management tools have expanded far beyond “punching in,” reviewing emails, and tracking websites visited. Depending on the features selected and how the platform is configured, employers may have access to: Real-time screen capture and video recording Automated t...

California Employers: Artificial Intelligence in Hiring Brings New Compliance Risks

Key Takeaways Use of Artificial Intelligence in hiring and promotion is undergoing regulatory scrutiny in California Tools that screen resumes, rank candidates, or assess interview responses can lead to legitimate claims of bias or discrimination Employers must ensure AI tools are transparent, explainable, and tested for adverse impact on protected groups The EEOC and the Civil Rights Department may view reliance on opaque (non-transparent) or unvalidated (not tested or verified for accuracy or bias) AI as a violation of anti-discrimination laws F ederal and California agencies have increased their focus on how AI and automated decision-making tools are being used in hiring, promotions, and employment screening processes. Employers using such technologies may be exposed to discrimination claims if these tools lead to disparate treatment or impact on certain races, national origins, genders, ages, or other protected classes, whether intentional or not. With AI increasingly integrated i...

We Get Privacy for Work: The Increasing Importance of Data Mapping

Transcript INTRO To effectively and immediately respond to cybersecurity data breaches – and remain compliant with the constant bevy of new data privacy laws – you need to know what data your organization is collecting and from whom.   On this episode of We get Privacy for work, we discuss data mapping, the most efficient way to keep track of the information your organization is collecting and storing .   Today's hosts are Damon Silver and Joe Lazzarotti, co-leaders of the firm’s Privacy, Data and Cybersecurity Group and principals, respectively, in the firm's New York City and Tampa offices.   Damon and Joe, the question on everyone’s mind today is: What is data mapping, how do I implement it and how does that impact my organization?     Damon Silver Principal, New York City  Welcome to the We get privacy podcast. I'm Damon Silver, and I'm joined by my co-host, Joe Lazzarotti. Joe and I co-lead the Privacy Data and Cybersecurity Group at Jackson Lewis. In ...