This website uses cookies. For more information please contact us or consult our privacy policy.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
- Home
- Practices and Industries
- Regulatory and Public Policy
- Data Privacy and Cybersecurity
- Human Resources Privacy
Covington lawyers have helped numerous clients understand and comply with the increasingly complex set of rules governing privacy in the workplace. On a range of issues including the privacy of employment records, employee monitoring, the use of biometrics, and pretexting, our lawyers provide thoughtful and valuable advice to help our clients manage human resources and other workplace operations.
We regularly advise clients regarding proper methods for collecting and processing employee personal information, including preparing notices, policies, consent forms, and contracts in connection with employment relationships. In addition, we draft acceptable use policies for Internet, e-mail, blogging, and other network activities in accordance with existing laws and practices regarding workplace monitoring. We often undertake detailed reviews of companies’ privacy practices in connection with internal audits, as well as proposed transactions, and we offer training and compliance programs to help clients ensure that they are managing employee information responsibly and protecting themselves from cybersecurity risks posed by malicious or negligent insiders.
Of particular importance to many multinational corporations is the transfer of employee data from Europe or Asia to the United States, and we have helped clients identify the proper legal basis for effecting such transfers. Finally, our lawyers are expert in counseling companies that have suffered security breaches involving employee personal information, and we work with them to develop appropriate responses to affected individuals and regulators.
Protection of employee personal information
Provided guidance to a major technology and manufacturing company in connection with the unauthorized posting of employee personal information on a third-party webpage. Our efforts on behalf of the client included working with Internet service providers to remove the posted information and providing notice to potentially affected individuals and applicable state regulators.
Global compliance
Conducted a detailed review of the human resources operations of a large pharmaceutical company to assess compliance with data protection and privacy laws and regulations in both the U.S. and EU, in anticipation of possible certification under the U.S.-EU Safe Harbor regime. Our extensive written report described potential compliance issues and recommended specific remedial actions.
Advice on the collection and use of employee data
Advised a major pharmaceutical client on the collection and use of its employees’ biometric information and social security numbers for internal purposes.
Policies surrounding pre-hire background checks
Advised a major sports league on the procedures for conducting pre-hire background checks under the Fair Credit Reporting Act (FCRA) and state law, and drafted appropriate contract language and consent forms accordingly.
Advice on the monitoring of employee communications
Conducted a pan-European and selective U.S. survey of laws and regulations affecting an employer’s right to monitor employee’s Internet use and review electronic communications. We have also advised numerous clients on the law governing call recording and access to (and disclosure of) employee e-mail, including in connection with several personal crises and actions.
Privacy-related issues in connection with an acquisition
Drafted privacy-related provisions for use in data processing and outsourcing arrangements and advised on state and tort-based employee privacy laws in connection with a proposed acquisition.
Privacy training for employees
Prepared extensive privacy training materials and participated in training sessions for employees of European subsidiaries of a U.S.-based company.
European General Data Protection Regulation: What You Need to Know
May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington
Artificial Intelligence
May 23, 2017, Cloud, Big Data and AI Conference, Seattle, Washington
Data Privacy and National Security
April 21, 2017, Luxembourg Forum (Triannual Meeting Between the United States Supreme Court and the European Court of Justice), Washington, DC
GDPR Planning and Preparation Conference for Employers
March 30, 2017, Business Forums International Ltd.
March 6, 2017, Business Insurance
Lindsay Burke is quoted in a Business Insurance article regarding the risks associated with internal office chat applications. “People think of it as a casual form of communication,” Burke says, “and they forget that it’s business and usually the company is keeping a record of the communication. And if the company finds itself in litigation, then the discovery ...
March 25, 2014, Covington E-Alert
EU Data Privacy Notices
December 10, 2004, Covington E-Alert
November 1, 2004, Covington E-Alert
October 14, 2004, Covington E-Alert
August 13, 2004, Covington E-Alert
July 23, 2004, Covington E-Alert
July 15, 2004, Covington E-Alert
May 21, 2004, Covington E-Alert
December 8, 2003, Covington E-Alert