What Will 2024 Bring?
More Consumer Privacy Laws To date, 13 states have passed consumer privacy laws, and we expect more to follow suit in 2024. We expect that these new states will follow the post-CCPA trend of excluding employment-related data from protection under these new laws, unlike California, where such data is subject to the CCPA/CPRA requirements. No Federal Law Preempting State Consumer Privacy Laws Despite bipartisan efforts in recent years to pass a federal consumer privacy law, the prospects for passage of any law in the near future are dim. The primary hurdles to passage of a federal law relate to disagreements over preemption of state laws and whether consumers should have private right of action for violations of a federal law. The parties are unlikely to reach agreement in 2024 in a divided Congress that has shown little appetite for cooperation. Remote Worker Oversight Will Remain a Challenge As employers continue to seek out avenues to more closely monitor remote workers, state legislatures will look to laws like New York’s 2022 electronic monitoring law as a model for requiring advance notice and consent. Cybersecurity Once Again Takes Center Stage Ransomware and other cyberattacks will continue to plague businesses small and large in 2024, with vendors – including payroll vendors, a particular concern for employers – becoming a favorite target because of the vast amount of PII often in their possession. Federal regulators will look to increase reporting obligations to ensure that businesses are sharing information relating to these attacks. This will allow government officials to not only to investigate cybersecurity practices for potential violations of legal obligations, but also to gather data that can be sued collectively to help provide guidance to avert future attacks.
AI Focus AI Privacy Issues Take Center Stage
The vast amount of personal data available to AI systems poses a challenge in terms of protecting the privacy of personal information and preventing potential identity theft. Deepfakes and the relative ease of social engineering could make phishing, ransomware, and other cyberattacks more potent. Cyberbullying through AI is already occurring, and employers may find themselves challenged to determine the scope of their potential obligations when disputes arise among employees. Employers may also find it difficult to distinguish legitimate threats and violations of company policy from those that are fabricated through the use of AI. You may need to revisit existing privacy policies to take into account unique challenges posed by AI.
Made with FlippingBook - professional solution for displaying marketing and sales documents online