The California Consumer Privacy Act (CCPA), considered one of the most expansive U.S. privacy laws to date, went into effect on January 1, 2020. The CCPA placed significant limitations on the collection and sale of a...more
1/20/2022
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CMIA ,
Consumer Privacy Rights ,
Contractors ,
Cookies ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Covered Business ,
Data Breach ,
Data Deletion ,
Data Privacy ,
Data Protection ,
Do Not Sell ,
For-Profit Corporations ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Record Retention ,
Sensitive Personal Information ,
Third-Party
New data privacy and security concerns arise as multi-unit residential buildings implement new technologies to manage access, strengthen security, regulate compliance with internal policies and legal requirements, and improve...more
In a groundbreaking move, likely to have significant impact on employee hiring and HR tech, the New York City Council has passed a measure (“the NYC measure”) that bans the use of automated decision-making tools to (1) screen...more
12/20/2021
/ Americans with Disabilities Act (ADA) ,
Artificial Intelligence ,
Audits ,
Automated Systems ,
Bias ,
California Privacy Rights Act (CPRA) ,
Civil Rights Act ,
GINA ,
Hiring & Firing ,
Human Resources Professionals ,
New York ,
State Labor Laws ,
Title VII ,
Wage and Hour
Earlier this month, New York Governor Kathy Hochul signed into a law a bill that will require New York private sector employers to provide written notice to employees before engaging in electronic monitoring of their...more
11/19/2021
/ Electronic Communications ,
Email ,
Employee Monitoring ,
Employee Privacy Rights ,
Employee Rights ,
Employer Liability Issues ,
Mobile Devices ,
New York ,
Notice Requirements ,
Private Right of Action ,
Written Notice
Restaurants in New York City will soon gain access to valuable information about their delivery customers. On July 29, 2021, the New York City Council approved a bill requiring third-party food delivery services (“FDS”),...more
In late May, New York Attorney General Letitia James announced a $200,000 settlement agreement with Filters Fast, an online water filtration retailer, stemming from a 2019 data breach compromising the personal information of...more
6/8/2021
/ Breach Notification Rule ,
Consumer Privacy Rights ,
Coronavirus/COVID-19 ,
Cyber Attacks ,
Data Breach ,
New York ,
Personal Information ,
Policies and Procedures ,
Settlement Agreements ,
SHIELD Act ,
State Attorneys General ,
Websites
On May 13th, New York State Senator Kevin Thomas, Chair of NY’s Consumer Protection Committee, reintroduced the New York Privacy Act (“NYPA”), a comprehensive consumer privacy law similar in kind to the California Consumer...more
5/26/2021
/ Anti-Discrimination Policies ,
California Consumer Privacy Act (CCPA) ,
CDPA ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Controller ,
DPPA ,
Duty of Care ,
FERPA ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
New York ,
Opt-In ,
Personal Data ,
Personally Identifiable Information ,
Private Right of Action ,
Proposed Legislation ,
Right to Delete ,
Written Notice
As we noted in our last post, there has been a flurry of data privacy and security activity in New York, with the State appearing poised to join California as a leader in this space. Most recently, on April 29, 2021, the New...more
Effective July 9, 2021, certain retail and hospitality businesses that collect and use “biometric identifier information” from customers will need to post conspicuous notices near all customer entrances to their facilities. ...more
5/12/2021
/ Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Selling ,
Hospitality Industry ,
New York ,
Private Right of Action ,
Retailers ,
SHIELD Act
COVID-19 drove many formerly in-person interactions onto a variety of video conferencing platforms. But as millions of vaccinations are administered each day, and case numbers decline, it’s now possible to imagine and plan...more
4/13/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consent ,
Coronavirus/COVID-19 ,
Data Privacy ,
General Data Protection Regulation (GDPR) ,
Mitigation ,
Personal Information ,
Policies and Procedures ,
Privacy Notice Rule ,
Remote Working ,
Video Recordings ,
Videoconference
In 2018, the California Consumer Privacy Act (“CCPA”), which provides for an expansive array of privacy rights and obligations, was enacted. At the time, it was reasonable to wonder whether California’s bold example would...more
3/24/2021
/ California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CDPA ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Brokers ,
Data Deletion ,
Duty of Care ,
New York ,
Opt-In ,
Opt-Outs ,
Personal Data ,
Policies and Procedures ,
Private Right of Action ,
Third-Party ,
Written Consent
Already at the cutting edge of U.S. privacy law, California jumped even further ahead of the pack with the recent approval by State voters of the California Privacy Rights Act (“CPRA”). The CPRA, which builds upon the...more
On July 21, 2020, the New York Department of Financial Services (“DFS”) filed its first enforcement action under New York’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”). Reg...more
Over the past few months, businesses across the country have been focused on the California Consumer Privacy Act (CCPA) which dramatically expands privacy rights for California residents and provides a strong incentive for...more
For years now, state laws have required subject organizations to provide notification to affected data subjects and, in some instances, to state agencies, consumer reporting agencies, and the media, when they experience a...more
9/19/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Governor Newsom ,
Opt-Outs ,
Personal Information ,
Privacy Laws ,
Private Right of Action ,
Right to Delete
New York has enacted the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) to amend the state’s data breach notification law to impose more expansive data security and data breach notification requirements on...more
On Thursday, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), sponsored by Senator Kevin Thomas and Assemblymember Michael DenDekker. The SHIELD Act, which...more
During a presentation at the Professional Services Council Federal Acquisition Conference on June 13, 2019, a high-ranking Department of Defense (“DoD”) official announced, with dramatic flair, that cybersecurity is an...more
The New York Times newly established Privacy Project, recently highlighted the extent to which our society has created a “facial recognition machine” – cameras are everywhere, even in doorbells. Segments of society have...more
The deadline to comply with the GDPR’s complex and far ranging requirements is rapidly approaching. As your organization races to implement its compliance program before the May 25, 2018 effective date, questions and...more
The flood of massive data breaches – including, most recently, the Equifax breach that compromised the personal data of around 145 million U.S. consumers – has increased the pressure on Congress to pass sweeping federal data...more
The New York State Department of Financial Services (DFS) has set cybersecurity regulations that require minimum standards for protecting the customer information and information systems of the financial services industry....more
The deadline to comply with the first set of requirements under the new DFS Cybersecurity Regulations (“the Regulations”) is here! By today, August 28, 2017, businesses subject to the Regulations must ensure that...more
Several years ago, cyber criminals developed a profitable form of malware, now known as ransomware. A “ransomware” attack occurs when a hacker takes control of the victim’s information systems and encrypts its data,...more
That an actual breach of client information could expose your law firm to legal and business risks is unsurprising. The risks posed by a potential breach, however, may be something your firm has not yet carefully considered...more