Tag Archives: New York

New York DFS Publishes FAQs on New Cybersecurity Regulations

As our readers know, New York’s Department of Financial Services (“NY DFS”) released a draft of its new Cybersecurity Regulations on September 13, 2016, and the final version of the regulations went into effect on March 1, 2017 (23 NYCRR 500).  Among other things, the regulations require regulated entities to conduct cyber risk assessments and … Continue Reading

Developments in the Right to Be Forgotten

As we approach the May 2018 effective date of the EU General Data Protection Regulation (“GDPR”), there have been a number of global developments over the last few months with respect to the so-called “right to be forgotten,” which will be codified under Article 17 of the GDPR. European Developments In the EU, we previously … Continue Reading

NY Data Breaches Reached Record Levels in 2016

New York Attorney General Eric T. Schneiderman announced this week that there were a record number of data breach notices in New York in 2016, with nearly 1,300 reported data breaches exposing the personal records of 1.6 million New Yorkers.  These numbers represented a 60 percent year-over-year increase in the number of data breaches reported, … Continue Reading

Reports Suggest New York DFS to Revise Proposed Cyber Regulations and Delay Implementation

Based on reports citing New York Department of Financial Services (“DFS”) sources (see here and here), DFS may propose a revised version of its first-in-the-nation cybersecurity regulations on December 28, 2016.  That revision would be followed by a new 30-day comment period, with the revised regulations scheduled to take effect on March 1, 2017. This … Continue Reading

Industry Reacts to New York’s Proposed Cybersecurity Regulation for Financial Services Institutions

On December 19, 2016, the New York State Assembly Standing Committee on Banks heard testimony about a proposed regulation introduced by the New York State Department of Financial Services that would require financial services companies to develop and implement cybersecurity programs to defend against cyber-attacks.  As we covered when Governor Andrew Cuomo announced this first-in-the-nation … Continue Reading

New York State Proposes Cybersecurity Regulation for Financial Services Institutions

On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require financial service institutions to develop and implement cybersecurity programs to prevent and mitigate cyber-attacks.  The proposed regulation will be subject to a 45-day comment period once it is published in the New York State Register. The regulation will become … Continue Reading

House Debates Federal Data Breach Legislation

This morning, the House Subcommittee on Commerce, Manufacturing, and Trade, chaired by Rep. Michael Burgess (R-TX), held a hearing to determine what elements should be included in federal data breach legislation.  Despite the momentum for legislation created by high-profile breaches at retailers like Target and Home Depot, and most recently at Sony, ongoing efforts in … Continue Reading

New York Attorney General Unveils Data Breach Proposal

On the heels of a number of well-publicized data security breaches, a White House data breach proposal, and California’s recent changes to its data breach notification statute, New York Attorney General Eric Schneiderman has announced that he will propose legislation to strengthen New York’s data breach notification law.   The legislation had not been made public … Continue Reading

Cybersecurity Regulators (Renew) Focus on Outside Vendors of Financial Institutions

By David Fagan and Sumon Dantiki Recently several media outlets reported that the New York State Department of Financial Services (“NYDFS”) sent a letter to many of the nation’s banks, regarding the “level of insight financial institutions have into the sufficiency of cybersecurity controls of their third-party service providers.”  The letter requested financial institutions to … Continue Reading

Federal Judge Denies Motion to Reconsider FACTA Lawsuit Dismissal

A New York federal judge last week affirmed his earlier dismissal of a civil action alleging that a restaurant chain willfully violated the Fair and Accurate Credit Transactions Act (“FACTA”). FACTA requires businesses that accept credit cards to redact from customers’ receipts the card’s expiration date and all but the last five digits of the … Continue Reading

Ex-Employee is Not Required to Produce iPhone in Discovery

A New York state appellate court recently ruled that a company does not have the right to access a former employee’s personal iPhone during discovery in employment litigation. As a financial analyst for AllianceBernstein, L.P., William Atha used his personal iPhone to contact clients, and he stored some clients’ contact information on the iPhone.  Shortly after … Continue Reading

Twitter Appeals Ruling Requiring It to Produce User’s Tweets and Subscriber Information

Earlier this week, Twitter appealed a New York state judge’s ruling that required the company to produce an Occupy Wall Street protestor’s tweets, email address, and certain subscriber information.  The trial court judge had reasoned that the public nature of Twitter meant that the defendant lacked privacy interests in his tweets and that the government’s … Continue Reading

NY Legislature Introduces Bills to Curtail Anonymous Online Commenting

Two bills have been proposed in the New York State Legislature that aim to de-anonymize online commenting. The proposed Internet Protection Act — introduced in the identical bills S.6779 and A.8688 —would amend New York civil rights law to require a website administrator upon request to “remove any comments posted on his or her web … Continue Reading

Rep. Engel Introduces Federal Bill to Limit Access to Social Networking Accounts

Rep. Eliot Engel (D-NY) recently introduced a bill in the U.S. House of Representatives that would prohibit employers from requiring current and prospective employees to disclose website usernames, passwords, and other online content.  The Social Networking Online Protection Act (SNOPA), H.R. 5050, also would apply to students at colleges, universities, and K-12 schools, and impose a … Continue Reading

California’s Online Impersonation Law Comes Into Effect

A California law that took effect on January 1, 2011 makes it a crime to impersonate someone online.  Any person who knowingly and without consent impersonates another actual person through electronic means for purposes of harming, intimidating, threatening, or defrauding another person is guilty of a misdemeanor.  “Electronic means” is defined to include opening an … Continue Reading
LexBlog