AGG Compliance News Flash

This month Portugal adopted its new data protection law, “Lei de Execução do Regulamento Geral sobre a Proteção de Dados” (English translation: “Execution Law of the General Data Protection Regulation (GDPR).”) To enter into force, the new law must be signed by the President and then published in the Official Journal. It will then enter into force a day after publication in the Official Journal. That leaves European Union (EU) member states Greece and Slovenia as the only EU member states who have not passed GDPR-implementing legislation. Why is GDPR-implementing legislation important? Because, while the GDPR is about harmonizing data protection rules throughout Europe, it does provide for certain areas where EU member states "shall" and "may" carve out exceptions within the articles of the regulation. This requires implementing legislation at the member state level.

Immigration and Customs Enforcement (ICE) announced new and increased fees for international students, exchange visitors, and SEVP-certified schools. The new fees will take place June 24, 2019. Examples—increases the I-901 SEVIS Fee for F and M international students ($200 to $350) and includes a new fee on schools when a SEVP-certified schools files a petition for recertification ($1,250). Click here to read more.

The City Council of Kansas City, Missouri unanimously passed an ordinance effective October 31, 2019 that bans private employers with six or more employees from asking job applicants about their salary history. Private employers need to be aware of the growing number of states and cities enacting salary history bans during the hiring process. Other states and cities to be aware of—California, Connecticut, Delaware, Hawaii, Massachusetts, Oregon, Vermont, New York City, Philadelphia, and San Francisco. For a good overview, click here.

The Federal Trade Commission (FTC) issued a final rule rescinding several Model Forms and Disclosures under the Fair Credit Reporting Act that the FTC determined to be no longer necessary. Among others, the FTC rescinded the Notice of Furnisher Responsibilities and the Notice of User Responsibilities. Covered entities should look to the Consumer Financial Protection Bureau (CFPB) for the appropriate forms and disclosures.

Time to revisit your information security policies and procedures. A recent report indicates that human error or accidental loss by an external vendor or source are leading causes of company data breaches. Data most often exposed includes consumer dates of birth and social security numbers, followed by personal health information. All of which would likely trigger state breach notification laws, which are in effect in all 50 states. Click here and here for more information.