On July 18, 2023, Oregon joined the growing number of states in signing into law comprehensive data privacy legislation. Effective July 1, 2024, the Oregon Consumer Privacy Act (the OCPA or the Act) will create meaningful privacy protections for Oregon consumers and new data protection obligations for businesses operating in Oregon.
At Equinox, we champion transparency as the ultimate best practice. In today's business landscape, the trend of "radical transparency" can either be a strategic advantage or a self-destructive move. In this post, we delve into the complexities of transparency, guiding you through legal, regulatory, compliance, and cost considerations.
How is the Changing Perception of Cannabis Impacting Employment Practices? As legalized cannabis becomes more prevalent and widely accepted, so too have the attitudes and perspectives on cannabis usage evolved, including a shift in the current employment-related cannabis testing practices. Despite being a legal substance in Washington State, many employers still routinely choose to require... View Article
Consumer health data, as defined by the Act, encompasses a wide range of personal information linked to or reasonably could identify a consumer’s past, current, or future physical or mental health status consumer's physical or mental health status. Examples include individual health conditions, treatments, genetic data, diseases, diagnosis, use or purchase of prescribed medications, vital signs, bodily functions, symptoms, genetic data, biometric data, and more!
Equinox Business Law Leagal Update: The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) created new privacy rights for consumers and data protection obligations for businesses operating in California. The CPRA, which went into effect on January 1, 2023, includes additional protections for consumers, employees, and small and non-profit businesses, and establishes a new government agency for data privacy enforcement. The CPRA applies to businesses with a gross annual revenue exceeding $25 million, those that buy, sell, or share personal information of more than 100,000 consumers or households per year, or those that derive 50% or more of their annual revenues from selling or sharing consumers' personal information. Businesses need to update their collection notices, privacy policies, opt-out notices, and financial incentive notices and implement proactive risk-based controls. The best way to prepare for compliance is to perform a data audit, map out data flows, construct a privacy policy, and establish good data hygiene processes.
Employers should be aware that the FTC requires disclosure of an employee's employment relationship when making an endorsement on social media for the company they work for. The disclosure must be in simple and clear language and placed conspicuously. The FTC recommends that companies establish a social media policy that includes these disclosure requirements, consistently enforce the policy, and provide employees with training. Employers that direct employees to create or share social media posts should implement a policy and monitor the posts for compliance. To avoid potential legal issues, it is important for employers to follow these guidelines to ensure compliance with the FTC's rules.
As we look forward to 2022, don’t overlook legal. Legal is a powerful tool to help your business gain an advantage. Businesses that incorporate legal tactics into their strategies often can proactively address challenges and leverage legal to gain an edge over their competition. Three areas that can help you gain an advantage over the... View Article
We’ve all heard about cybersecurity risks and the increasing sophistication of hackers seeking to access our data. Small businesses are particularly at risk because they often don’t have sophisticated systems in place. The increasing work-from-home environment due initially to COVID-19, but likely to continue in the future, created even more access. Employees may use their... View Article
In our connected world, the internet is an essential tool for doing business, but it is also a major source of risk. It often isn’t a matter of if your data will ever be compromised, but when and how much. Good data protection policies and practices can help your business minimize risk and exposure to... View Article