With less than two months until it goes into effect, many practitioners are focused on bringing their programs into compliance with the California Consumer Protection Act (“CCPA”) by January 1, 2020. But the rapid pace of privacy legal developments could continue next year. This past year, five states established studies or task forces to study … Continue Reading
On July 25, New York Governor Andrew Cuomo signed two data security and breach notification bills into law. The first bill, the “Stop Hacks and Improve Electronic Data Security Act” or “SHIELD Act,” will impose specific data security requirements on businesses that own or license private information of New York residents, in addition to amending … Continue Reading
As our readers know, New York’s Department of Financial Services (“NY DFS”) released a draft of its new Cybersecurity Regulations on September 13, 2016, and the final version of the regulations went into effect on March 1, 2017 (23 NYCRR 500). Among other things, the regulations require regulated entities to conduct cyber risk assessments and … Continue Reading
As we approach the May 2018 effective date of the EU General Data Protection Regulation (“GDPR”), there have been a number of global developments over the last few months with respect to the so-called “right to be forgotten,” which will be codified under Article 17 of the GDPR. European Developments In the EU, we previously … Continue Reading
New York Attorney General Eric T. Schneiderman announced this week that there were a record number of data breach notices in New York in 2016, with nearly 1,300 reported data breaches exposing the personal records of 1.6 million New Yorkers. These numbers represented a 60 percent year-over-year increase in the number of data breaches reported, … Continue Reading
Based on reports citing New York Department of Financial Services (“DFS”) sources (see here and here), DFS may propose a revised version of its first-in-the-nation cybersecurity regulations on December 28, 2016. That revision would be followed by a new 30-day comment period, with the revised regulations scheduled to take effect on March 1, 2017. This … Continue Reading
On December 19, 2016, the New York State Assembly Standing Committee on Banks heard testimony about a proposed regulation introduced by the New York State Department of Financial Services that would require financial services companies to develop and implement cybersecurity programs to defend against cyber-attacks. As we covered when Governor Andrew Cuomo announced this first-in-the-nation … Continue Reading
On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require financial service institutions to develop and implement cybersecurity programs to prevent and mitigate cyber-attacks. The proposed regulation will be subject to a 45-day comment period once it is published in the New York State Register. The regulation will become … Continue Reading
This morning, the House Subcommittee on Commerce, Manufacturing, and Trade, chaired by Rep. Michael Burgess (R-TX), held a hearing to determine what elements should be included in federal data breach legislation. Despite the momentum for legislation created by high-profile breaches at retailers like Target and Home Depot, and most recently at Sony, ongoing efforts in … Continue Reading
On the heels of a number of well-publicized data security breaches, a White House data breach proposal, and California’s recent changes to its data breach notification statute, New York Attorney General Eric Schneiderman has announced that he will propose legislation to strengthen New York’s data breach notification law. The legislation had not been made public … Continue Reading
By David Fagan and Sumon Dantiki Recently several media outlets reported that the New York State Department of Financial Services (“NYDFS”) sent a letter to many of the nation’s banks, regarding the “level of insight financial institutions have into the sufficiency of cybersecurity controls of their third-party service providers.” The letter requested financial institutions to … Continue Reading
Earlier this week, Twitter appealed a New York state judge’s ruling that required the company to produce an Occupy Wall Street protestor’s tweets, email address, and certain subscriber information. The trial court judge had reasoned that the public nature of Twitter meant that the defendant lacked privacy interests in his tweets and that the government’s … Continue Reading
Two bills have been proposed in the New York State Legislature that aim to de-anonymize online commenting. The proposed Internet Protection Act — introduced in the identical bills S.6779 and A.8688 —would amend New York civil rights law to require a website administrator upon request to “remove any comments posted on his or her web … Continue Reading
Rep. Eliot Engel (D-NY) recently introduced a bill in the U.S. House of Representatives that would prohibit employers from requiring current and prospective employees to disclose website usernames, passwords, and other online content. The Social Networking Online Protection Act (SNOPA), H.R. 5050, also would apply to students at colleges, universities, and K-12 schools, and impose a … Continue Reading
A California law that took effect on January 1, 2011 makes it a crime to impersonate someone online. Any person who knowingly and without consent impersonates another actual person through electronic means for purposes of harming, intimidating, threatening, or defrauding another person is guilty of a misdemeanor. “Electronic means” is defined to include opening an … Continue Reading
