New York

Privacy World Week in Review

By Kristin Bryan on July 17, 2023

Posted in AI, China, Consumer Data Protection Act (CDPA), Consumer Protection, Data Privacy, Digital Assets, EU-US Data Protection Framework, Finance, New York, SCOPE Act, Singapore, Social Media, Targeted Advertising, Technology, Texas, UK

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.Continue Reading Privacy World Week in Review

NYDFS Revises Its Proposed Amendments to Cybersecurity Regulations

By Shea Leitch, Glenn A. Brown & Ericka Johnson on July 12, 2023

Posted in Cybersecurity, Data Privacy, New York, New York Department of Financial Services

As we reported in a previous blog post, the New York Department of Financial Services (“NYDFS”) proposed a raft of amendments to its landmark Cybersecurity Regulations (the “Regulations”) in 2022 (the “2022 Proposed Amendment”), adding substantial complexity to covered entities’ compliance obligations. Now, less than a year later, the NYDFS has published a proposed revised draft of the 2022 Proposed Amendment (as revised, the “2023 Proposed Amendment”). While not as extensive as the 2022 Proposed Amendment, the 2023 Proposed Amendment will nevertheless have a significant impact on how your organization complies with the Regulations.Continue Reading NYDFS Revises Its Proposed Amendments to Cybersecurity Regulations

Health (and Health-ish) Data and Advertising Under Scrutiny

By Alan Friel, Julia Jacobson, Kyle Fath, Kyle Dull, Gicel Tomimbang & Sasha Kiosse on June 20, 2023

Posted in California, CCPA, Colorado, Compliance, Connecticut, Consumer Protection, Data Privacy, Federal Trade Commission (FTC), HBNR, Healthcare, MHMD, Nevada, New York, Targeted Advertising, Virgina, Virginia Consumer Data Protection Act (VCDPA), Washington

In 2020, when the California Consumer Privacy Act (CCPA) came into effect, the privacy landscape in the US changed forever. Fast forward three years, we now have close to a dozen states that have passed consumer privacy laws, with the second generation of consumer privacy laws giving particular attention to sensitive data. In particular, there is an emerging trend, in both new legislation and enforcement of existing privacy and consumer protection regimes, towards a focus on the collection, use, and sharing or selling of health-related personal information, specifically information that is outside the scope of the federal Health Insurance Portability and Accountability Act (HIPAA).[1] The effect is a restriction on what publishers, advertisers, and other commercial enterprises can do with consumer health information, often broadly defined to include any past, present or future health status or inference regardless of sensitivity (e.g., acne or a headache). These developments include:
Continue Reading Health (and Health-ish) Data and Advertising Under Scrutiny

New York Releases Data Security Guide to Help Businesses Protect Personal Information

By Kyle Fath, Kristin Bryan & Sasha Kiosse on April 20, 2023

Posted in Attorney General, Compliance, Cybersecurity, Data Breach, Data Privacy, New York, US

On April 19th, New York’s Attorney General, Letitia James, released a document titled, “Protecting consumer’s personal information: Tips for businesses to keep data safe and secure” (the “guide”), a resource to help businesses adopt effective data security measures. It draws on the Office of the Attorney General’s (“OAG”) experience investigating and prosecuting cybersecurity breaches,…

Privacy World Week in Review

By Kristin Bryan on February 6, 2023

Posted in Biometric data, Biometric Information Privacy Act (BIPA), BIPA, California, Class Action, Cybersecurity, Data Breach, Data Privacy, GDPR, General, General Data Protection Regulation (GDPR), Illinois, Litigation, New York, Privacy Litigation, Privilege, SEC, Team News, US, US, Webinar

BREAKING: Illinois Supreme Court Sets Five-Year Statute of Limitations for All BIPA Claims | Privacy World

SPB’s Julia Jacobson and…

Madison Square Garden’s Use of Facial Recognition Software to Create “Enemy Ban” For Adverse Attorneys Draws Scrutiny, Reflects Changing Uses of Biometric Software

By Kristin Bryan, Christina Lamoureux & Lauryn Durham on February 1, 2023

Posted in Biometric, Biometric data, Biometric Privacy Act, Cybersecurity, Data Privacy, General, New York, New York, Privacy, US, US

While Madison Square Garden might normally make headlines for musical artists or sporting events, the venue’s parent company, MSG Entertainment, has been in the spotlight following media and regulator attention regarding its use of facial recognition technology to ban certain individuals from its venues. Read on to learn more and its implications for other uses…

Xavier Balderas Cejudo, Unsplash

BREAKING: Former Uber CSO Convicted of Criminal Obstruction and Concealment of a Felony for 2016 Data Breach Cover Up

By Kristin Bryan & Sasha Kiosse on October 5, 2022

Posted in Attorney General, California, CCPA, Class Action, Cloud, Colorado, Compliance, Connecticut, Cyber Insurance, Cybersecurity, Cybersecurity, Data Breach, Data Breach, Data Privacy, Data Privacy, Florida, FTC, General, Illinois, Litigation, Massachusetts, New York, New York, Ohio, Oklahoma, Pennsylvania, Privacy Litigation, Privacy Litigation, Ransomware, SEC, Texas, US, Utah, Virgina, Washington, Wisconsin

After several days of deliberating, a jury today convicted Uber Technologies Inc.’s (“Uber’s”) former chief security officer (the “Former CSO”) of criminal obstruction and concealing the theft of personal data of fifty million Uber customers and seven million Uber drivers from the Federal Trade Commission (“FTC”).

Recall that back in 2016, two hackers stole data…

The NYDFS Proposes Substantial Amendments to Cyber Regulations

By Glenn A. Brown & Julia Jacobson on September 1, 2022

Posted in Compliance, Cybersecurity, Data Breach, Data Privacy, FTC, General, New York, Ransomware, SEC, US

The New York Department of Financial Services (“NYDFS”) recently posted a request for public comment on a set of proposed amendments to NYDFS’ current “Cybersecurity Requirements for Financial Services Companies” (“Regulations”).[1] The amendments to the Regulations (“Pre-Proposal Amendments”) are in the “pre-proposal” phase, meaning that the NYDFS will issue official proposed amendments in the near future. Once official proposed amendments are issued, a 60-day public comment period starts, which means that amended Regulations likely will take effect sometime in 2023. In the meantime, entities subject to the Regulations should review the Pre-Proposal Amendments to help ensure sufficient time and resources to implement new requirements.

As background, the Regulations became effective on March 1, 2017, but followed a phased implementation process. The Regulations apply to all entities licensed by the NYDFS (“covered entities”), including banks, insurance companies, money transmitters and other financial services firms doing business in New York. The last phase of the Regulations was implemented in March 2019, at which point the Regulations were fully effective.Continue Reading The NYDFS Proposes Substantial Amendments to Cyber Regulations

Privacy World