As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our most popular topics and posts from 2024.

Expanding State Privacy Laws

This year saw a further expansion of state comprehensive consumer data privacy laws. These legislative measures aim to enhance the protection of consumer data, ensuring greater transparency and accountability for businesses that collect and process personal information. Several states introduced robust frameworks designed to safeguard consumer privacy. Whether you are an attorney, an executive, or a leader in human resources, marketing, operations, risk management, and of course IT, it is vital to stay informed about these evolving legal standards and their implications for both businesses and consumers.

Read more on these developments:

Bluegrass State Becomes Third State to Pass a Comprehensive Consumer Privacy Data Law in 2024

Maryland Passes Comprehensive Data Privacy Law, Joining the Swelling State Ranks

Minnesota Passes a Comprehensive Consumer Data Privacy Law

Nebraska Adds to the List of States That Have Enacted a Comprehensive Consumer Data Privacy Law

New Hampshire Passes Comprehensive Consumer Data Privacy Law

New Jersey Legislature Enacts the First Consumer Privacy Law of 2024

Rhode Island Passes a Comprehensive Consumer Data Privacy Law

Growing AI Regulation

In 2024, the landscape of artificial intelligence (AI) regulation experienced significant changes, reflecting the rapid advancements and widespread adoption of AI technologies across various industries. Regulators have increasingly focused on addressing the ethical, legal, and privacy implications of AI, leading to new laws and amendments aimed at safeguarding individuals' rights and ensuring transparency in AI deployment. One example at the federal level is the use of AI when conducting background checks and potential Fair Credit Reporting Act (FCRA) implications. A notable example at the state level is Illinois which made significant amendments to its Human Rights Act, setting a precedent for other states by incorporating specific provisions related to AI.

Read more about these developments:

AI Regulation Continues to Grow as Illinois Amends its Human Rights Act

AI Notetakers – Evaluating the Risks Along with the Benefits

3 Key Risks When Using AI for Performance Management and Ways to Mitigate Them

AI and Other Decision-Making Tools: Does the Fair Credit Reporting Act Apply?

Data Breach Risks Escalate

Businesses faced significant regulatory and legislative developments pertaining to data breaches in 2024, reflecting the growing need to protect sensitive information in an increasingly digital world. Key updates include the strengthening of breach notification requirements by multiple states, such as Utah, and the emphasis on multi-factor authentication to prevent unauthorized access. The rising scrutiny and evolving legal landscape underscore the necessity for businesses to implement robust cybersecurity measures and comply with updated data breach notification laws to mitigate risks and avoid severe penalties.

Read more about these developments:

Utah Updates to Breach Notification Requirements Take Effect

Multi-factor Authentication (MFA) Bypassed to Permit Data Breach

Website Tracking Concerns for Business

In 2024, the scrutiny surrounding website tracking technologies has intensified significantly. It has become critical for businesses to understand the evolving legal landscape of online tracking practices. Increased regulatory pressure and new legislative measures across different states have highlighted the need for businesses to implement robust privacy policies. These policies must comply not only with state-specific regulations but also with broader federal guidelines, ensuring the protection of consumer data and transparency in data collection. Moreover, recent guidance from the New York Attorney General and other regulatory bodies has emphasized that non-compliance can lead to severe penalties, making it imperative for online retailers and all businesses employing website tracking technologies to stay abreast of the latest legal requirements and best practices.

Read more about these developments:

California Invasion of Privacy Act Violations Aimed at Online Retailers

The Spotlight Shines Even Brighter: New York Attorney General Publishes Guidance On Businesses' Use Of Website Tracking Technologies

Litigation Under Wiretap Law and What Website Owners Need to Know

Administrative Guidance on Cybersecurity

This year several administrative agencies issued guidance on cybersecurity, emphasizing the critical importance of protecting sensitive data and ensuring robust security measures across various sectors. This year, the Department of Labor (DOL) expanded fiduciary obligations to include cybersecurity for health and welfare plans, reflecting a growing recognition of the vulnerabilities and risks associated with inadequate cybersecurity practices. When plan fiduciaries set out to assess their plan service providers, they might consider amendments the Securities and Exchange Commission (SEC) made in 2024 to Regulation S-P which regulates many of those same service providers. If the service provider is subject to S-P, confirming they comply with the SEC requirements for an incident response plan and other cybersecurity policy and procedure requirements, would help the fiduciaries satisfy their obligation to make prudent selections.

Read more about these developments:

DOL Expands Fiduciary Obligations for Cybersecurity to Health and Welfare Plans

Why Retirement Plan Sponsors and Fiduciaries Need to Know about the SEC Cybersecurity Amendments

The Broadening Data Security Mandate: SEC Incident Response Plan and Data Breach Notification Requirements

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.