Privacy and data protection

Colombia Adopta Normas Sobre la Protección de Datos Personales

Por Geida Sanlate, Philip Gordon, Santiago Martinez Méndez, and Juan Carlos Varela

Con la promulgación de nuevas regulaciones sobre la protección de datos personales, las empresas que operan en Colombia deben acogerse a estas políticas e implementarlas en sus empresas, para acatar la ley de privacidad colombiana. En octubre del 2012, se promulgó en Colombia la ley 1581, la cual se encarga de regular la protección de datos personales. El 27 de junio de 2013 a través del Decreto 1377 (el cual entró en vigencia a partir de su promulgación) el Gobierno reglamentó la Ley 1581. Para informarse sobre las principales disposiciones de las nuevas normas de la ley de protección de datos de Colombia, así como recomendaciones para que las empresas puedan cumplir completamente con estas nuevas normativas, continúe leyendo aquí.

Tags: Colombia

Colombia Adopts Regulations to Implement Its Data Protection Laws

By Geida Sanlate, Philip Gordon, Santiago Martinez Méndez, and Juan Carlos Varela

With the advent of new rules regulating the protection of personal data, companies with operations in Colombia must implement policies and practices to comply with Colombia's privacy law. In October 2012, Colombia enacted Law 1581to regulate the protection of personal data. On June 27, 2013, Colombia's executive branch issued Decree 1377, to implement various provisions of Law 1581. Decree 1377 went into effect immediately. For information on the key provisions of Colombia's new regulations for the protection of personal data, as well as recommendations for companies to ensure full compliance with these new rules, continue reading here.

Tags: Colombia

Nuevos Lineamientos del Aviso de Privacidad en México Requieren de una Acción Inmediata

El 17 de abril de 2013, los nuevos Lineamientos del Aviso de Privacidad en México entrarán en vigor, con la imposición de requisitos extensos para la adecuada elaboración del Aviso de Privacidad y para la obtención del consentimiento del titular previamente a que los datos personales se recaben directamente de una persona o en forma electrónica a través de "cookies", "web beacons" u otros medios automatizados. Las Lineamientos son obligatorios y particularmente importantes para los empleadores que obtienen, procesan y/o transfieren datos personales de los empleados o candidatos, así como para las empresas que operan o hacen uso de publicidad en México que utilizan medios tecnológicos que permiten la obtención automática de datos personales en el Internet. Para obtener más información acerca de los nuevos Lineamientos del Aviso de Privacidad en México, continúe leyendo la nota de Actualidad Laboral de Littler, Nuevos Lineamientos del Aviso de Privacidad en México Requieren de una Acción Inmediata, escrito por Javiera Medina Reza y Eduardo Osornio García.

Mexico's New Privacy Notice Guidelines Require Immediate Action

On April 17, 2013, Mexico's new Privacy Notice Guidelines will go into effect. The Guidelines impose extensive requirements for furnishing adequate data privacy notices and obtaining consent before personal data is collected directly from a person or electronically via "cookies," "web beacons" or other automated means. The Guidelines are mandatory and particularly important to employers that regularly collect, process, and/or transfer personal data about employees or job applicants, and to companies operating or advertising in Mexico that use media technology that automatically collects personal data online. To learn more about the Guidelines, please see Littler's ASAP, Mexico's New Privacy Notice Guidelines Require Immediate Action, by Javiera Medina Reza and Eduardo Osornio Garcia.

It's Official: The Supreme Court of Canada Concludes that Employees May Have a Reasonable Expectation of Privacy in Relation to Their Work-Issued Computers

By Christina Hall and Andrew Carricato

The Supreme Court of Canada released its eagerly awaited decision in R. v. Cole, 2012 SCC 53, on October 19, 2012. In the decision, the Court held that employees may have a reasonable, though diminished, expectation of privacy in personal information stored on their work computers - at least where the personal use of such devices is permitted or reasonably expected by employers. This reasonable expectation of privacy is protected by the Canadian Charter of Rights and Freedoms (the "Charter").

The Facts

Mr. Cole was an Ontario high-school teacher. In addition to his regular teaching duties, he was responsible for policing the use by students of their networked laptops. To this end, he was supplied with a laptop owned by the school board and he was given domain administration rights on the school's network. This allowed him to access the hard drives of students' laptops. Mr. Cole was also permitted to use his laptop for incidental personal purposes, which he did. He often browsed the Internet and stored personal information on the laptop's hard drive.

Mr. Cole's difficulties began when a school technician, performing maintenance activities on the school's network, found a hidden folder on Mr. Cole's laptop that contained nude photographs of a high school student. The technician reported his findings to the school principal who seized the laptop and handed the information over to the police. The police reviewed the information contained on the hard drive without first obtaining a search warrant. They proceeded to charge Mr. Cole with possession of child pornography and unauthorized use of a computer.

Continue Reading...

California's New Social Media "Password Protection" Law Takes a More Balanced Approach by Accounting for Employers' Legitimate Business Interests

Under a new California law, employers cannot request or require that applicants or employees:

  • Disclose social media log-in credentials;
  • Access personal social media in the employer's presence; or
  • Divulge any personal social media content.

However, an exception permits employers to ask an employee to divulge personal social media content that the employer "reasonably believe[s] to be relevant to an investigation of allegations of employee misconduct or employee violation of applicable laws and regulations."

To learn more about the law and its potential implications for employers, please continue reading Littler's ASAP, California's New Social Media "Password Protection" Law Takes a More Balanced Approach by Accounting for Employers' Legitimate Business Interests, by Philip Gordon and Lauren Woon.

Advances Between European Data Protection Law and U.S. Civil Litigation Duties

By Jessica Jacobi of Kliemt & Vollstadt (the Germany member of Ius Laboris)

LoginPassword.jpgIn a recently published open e-mail of June, 12, 2012, the EU Article 29 Working Party on Data Protection commented on a publication (December 2011) of the Sedona Conference called "International Principles on Discovery, Disclosure & Data Protection" ("International Principles"). The Sedona Conference is a U. S.-based private research initiative which addresses issues related to pre-trial discovery in U.S. civil courts and, in particular, the discovery of electronically stored information (ESI).

As opposed to the courts in civil law countries, U. S. courts operate with a procedure known as pre-trial discovery. In this pre-trial phase, information is gathered, and each party can obtain evidence from the opposing party as well as from non-parties. In litigation involving parties, witnesses, or ESI (Electronically Stored Information) located in the E.U., this "cross-border discovery" often conflicts with European Data Protection Law. The Sedona Conference's International Principles, published in draft form, are aimed at reducing the situations in which a conflict of laws arises and at providing recommendations for resolving conflicts when they do arise.

Continue Reading...

Employer May Not Demand List of Union Members

Pursuant to the resolution of the Supreme Court of 24 January 2012 (III PZP 7/11) a trade union may refuse to provide the employer with a list of union members, and such refusal does not release the employer from the obligation to consult the union in individual employee matters. In effect, every time the employer intends to give a notice of termination to an employee employed for an indefinite period of time, they should ask the union whether this employee is a member. If they are, the consultation is the second step of the procedure. The Supreme Court justifies its position on the grounds of the protection of employees' personal data, which include information on whether an employee is a union member.

No Right for Unsuccessful Job Applicant to Know Outcome of Recruitment Process

By Sophie Maes of Claeys & Engels (the Belgium member of Ius Laboris)

InterviewThe European Court of Justice (ECJ) has considered a significant issue that may arise where a job applicant is rejected by the prospective employer and brings a discrimination claim. What is the effect of the employer refusing to provide information about whether another candidate was appointed at the end of the recruitment process?

While the ECJ ruled that an employer in this situation does not have a positive obligation to disclose the relevant information, the judgment nonetheless suggests that a refusal to do so could be dangerous for employers in some circumstances.

The case concerned a job applicant who on two separate occasions was not invited to an interview for a similar position at the same company. She brought an action alleging race, sex and age discrimination, requesting that the company produce the file for the person who was ultimately hired. The company refused and the court referred the case to the ECJ, which clarified the legal position as follows:

  • A job candidate whose application was rejected and who claims plausibly that he or she meets the requirements listed in the advertisement for the position is not entitled to information indicating whether the employer hired another applicant at the end of the recruitment process.
  • However, the employer's refusal to grant any access to information is one factor the court may take into account in deciding whether facts have been established from which discrimination could be inferred.
Continue Reading...

Should U.S. Employers Be Asking Applicants and Employees for Social Media Log-in Information?

By Chris Leh of Littler Mendelson (the U.S. member of Ius Laboris)

SocialMediaIII.jpgEmployers continue to wrestle with the issue of whether to require employees and prospective employees to divulge their social media passwords. In the United States, a recent spike in interest by the media, advocacy groups, legislators and the general public has refocused attention on the issue. Although it may not be unlawful to seek the information, in most situations, it is inadvisable.

The efforts of law enforcement agencies to obtain social media log-in information to supplement background checks on prospective recruits have received the most notoriety. However, some private entities have engaged in the practice as well. For example, in New York a statistician withdrew his application when an interviewer at the company to which he had applied asked for his social media password.

Continue Reading...