USA – NORTH CAROLINA Law and Practice Contributed by: Phillip Strach, Alyssa Riggins, Nathaniel Pencook and Cassie Holt, Nelson Mullins Riley & Scarborough LLP
the employer’s customers and employees are routine - ly upheld, even when there is no geographic restric - tion. Even so, employers should limit those restrictions to customers and employees of the employer for a period of time (usually a year) prior to termination, as North Carolina courts deem the look-back period part of the temporal restriction, which needs to be reason - able to be enforced. 3. Data Privacy 3.1 Data Privacy Law and Employment Protection of personal data has become a focus of legislative efforts at all levels. With increased scrutiny on data privacy practices arising in European coun - tries, many states across the USA are beginning to fol - low suit. Now more than ever, employers must be cog - nisant of previously established privacy-related laws, along with industry trends towards over-inclusivity. Industry groups such as the International Association of Privacy Professionals (IAPP) offer more in-depth guides for navigating privacy concerns across various employment sectors. Federal Considerations for Multi-State and Multinational Employers Common privacy issues and areas global employers should consider include: • employee health information and records; • records relating to and obtained via background checks; • response standards and mechanisms for data breaches; • possession and use of student or education-relat - ed data; and • the use of and marketing or sale of personally iden - tifiable information (PII). The following examples of laws and areas of work may have greater implications with respect to employee personal privacy issues: • the Health Insurance Portability and Accountability Act (HIPAA) and the protections of employee per - sonal health records;
• the ADA, which regulates when, how, and for what purposes an employer may access employee health information; • the FMLA and the limits on obtaining and/or disclosing certain information relating to covered employee leave; • the Fair Credit Reporting Act (FCRA) and its applications to conducting employee background checks; • the Family Educational Rights and Privacy Act for any company operating in spaces including stu - dent data; and • enforcement actions by various federal agencies including the FTC, the Department of Health and Human Services (DHHS), the Consumer Financial Protection Bureau (CFPB), the Federal Communi - cations Commission (FCC), the Equal Employment Opportunity Commission (EEOC) and others. With ever-increasing data breaches, many global employers have also instituted internal policies and response mechanisms, with some even hiring desig - nated privacy teams. Currently, there are no federal laws regarding standardised responses relating to data breaches. It is in this area that many employers look abroad for guidance. A growing trend in data privacy has seen companies turning to foreign and domestic guidance in craft - ing privacy policies and dealing with related issues. In recent years, an increasing number of employers have begun self-certifying pursuant to the strict Gen - eral Data Protection Regulation (GDPR) standards via either contractual commitments or participating in the federal government’s Data Privacy Foundation certifi - cation (the “US Privacy Shield”). While there is no absolute way to guarantee universal compliance, global employers operating in the USA should strongly consider opting for stricter self-gov - ernance and applying standards that may be stricter than required. The GDPR’s standards – along with compliance with long-standing laws such as those discussed earlier – are quickly becoming a recom - mended industry norm, especially if an employer is involved in any way with the retention or handling of employee health records and data.
769 CHAMBERS.COM
Powered by FlippingBook