Biometric Information Privacy Act

AGCO Corp., Ceridian HMC Inc. and Hegewisch Development Corp. Latest Employers to Face Allegations of BIPA Violations

• Lawsuits against employers for alleged violations of Illinois’ Biometric Information Privacy Act (BIPA) show no signs of slowing, with three more employers, AGCO Corp., Ceridian HCM Inc. and Hegewisch Development Corp., all facing suits in recent weeks.

• The complaints all are very similar, with each alleging that the defendants collected fingerprint information without informing their employees in writing of the purpose for which or length of time the fingerprints would be stored.

• Each suit seeks class certification and statutory damages of $5,000 per violation.

Data Breaches

Augusta University Health Faces Breach That Allegedly Exposed Data on 400,000 Individuals

  • Augusta University Health announced data breaches that led to the exposure of medical and personal information of more than 417,000 patients.
  • According to Augusta’s notice, the healthcare system suffered two breaches, in September 2017 and July 2018, resulting from phishing attempts.
  • The data involved included patient names, addresses, dates of birth, medical record numbers, medical information, treatment information, surgical information, diagnoses, lab results, medications, dates of service and/or insurance information, and, in a small number of cases, Social Security or driver’s license numbers.

Adams County, Wisconsin, Suffers Breach Involving 250,000 Citizens

  • Adams County, Wisconsin, suffered a data security incident that impacted a variety of county systems, including the Veteran Service Office, Extension Office, Adams County Employees, Solid Waste, Health and Human Services, Child Support, and Sheriff’s Offices.
  • The county’s press release indicated that the attackers may have accessed more than five years of records from the affected departments, which included a wide variety of personal information, protected health information and tax intercept information.

Federal Trade Commission

Electronic Privacy Information Center Accuses Google of Violating 2011 FTC Settlement

  • The Electronic Privacy Information Center (EPIC) sent a letter to the Federal Trade Commission (FTC) alleging that Google was tracking user location even when users opted out of tracking, allegedly violating a 2011 settlement between Google and the FTC.
  • According to EPIC’s letter, Google’s alleged “privacy violation affects all Android users and iPhone users who use Google Maps or search.”
  • EPIC goes on to urge that the FTC enforce the prior settlement and “hold Google accountable.”


President Trump Signs NIST Small Business Cybersecurity Act

  • President Trump has signed the NIST Small Business Cybersecurity Act, which requires NIST to issue guidance and a consistent set of resources to help small businesses identify, assess and reduce their cybersecurity risks.
  • According to Senator Brian Schatz, D-Hawaii, one of the bill’s co-sponsors, the new law “will give small businesses the tools to firm up their cybersecurity infrastructure and fight online attacks”