New York employers that monitor or otherwise intercept their employees’ electronic usage, access, or communication using any electronic devices or systems need to make sure they are following a state law enacted last year,...more
On March 15, 2022, President Biden signed into law the 2022 Consolidated Appropriations Act containing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Cyber Incident Reporting Act”). While President...more
On March 15, 2022, President Biden signed into law the 2022 Consolidated Appropriations Act containing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Cyber Incident Reporting Act”). While President...more
Recent decisions from the European Union (EU) have placed renewed focus on the use of common cookies used on ecommerce and other websites used by consumers and employees and transfers of personal data collected through...more
3/1/2022
/ Cookies ,
Corporate Counsel ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
EDPS ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Popular ,
Schrems I & Schrems II
The U.S. Cybersecurity and Infrastructure Agency (CISA) has urged a “Shields Up” defense in depth approach, as Russian use of wiper malware in the Ukrainian war escalates. The Russian malware “HermeticWiper” and “Whispergate”...more
Employers that monitor their employees’ electronic activities should note that New York State will soon require employers to (i) provide written or electronic notice to employees upon hiring of such monitoring in the...more
The Federal Trade Commission (“FTC”) recently issued guidance clarifying protections applicable to consumers’ sensitive personal data increasingly collected by so-called “health apps.” The FTC press release indicated it has...more
As businesses find useful new ways to harness the evolving technology that captures and analyzes human biometric data, legal regulation of such technology’s usage is also developing, responding to concerns about personal...more
8/20/2021
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
New York ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
SHIELD Act ,
State and Local Government
The Cybersecurity & Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) jointly published a new resource as part of their ongoing efforts to promote awareness of, and help...more
A recently discovered security vulnerability potentially affecting at least 100 million Internet of Things (“IoT”) devices[1] highlights the importance of the newly enacted IoT Cybersecurity Improvement Act of 2020 (the “IoT...more
Enacted on December 4, 2020, the Internet of Things Cybersecurity Improvement Act of 2020 (the “IoT Act”) is expected to dramatically improve the cybersecurity of the ubiquitous IoT devices.[1] With IoT devices on track to...more
As the COVID-19 pandemic wears on, and as states race to keep up with unprecedented volumes of claims for unemployment insurance (“UI”) benefits and relax certain requirements, like waiting periods, scam artists and criminals...more
In our previous blog, we featured the California Privacy Rights Act’s Enhanced Cybersecurity Safeguards. We now highlight significant privacy safeguards under the California Privacy Rights Act (“CPRA”) that will require...more
The California Privacy Rights Act (“CPRA”) leaps forward on cybersecurity by amending the California Consumer Privacy Act (“CCPA”) to impose enhanced protections. The CPRA enhancements apply to “for profit” companies and...more
On January 5, 2020, HR 7898, became law amending the Health Information Technology for Economic and Clinical Health Act (HITECH Act), 42 U.S.C. 17931, to require that “recognized cybersecurity practices” be considered by the...more
It's our first #WorkforceWednesday of 2021! The past year tested our resilience, and COVID-19 forced everyone to think creatively and adapt quickly. Nowhere was that seen more clearly than in the workplace.
Workplace Safety...more
1/6/2021
/ Americans with Disabilities Act (ADA) ,
Business Closures ,
Centers for Disease Control and Prevention (CDC) ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Employee Benefits ,
Employee Privacy Rights ,
Employer Group Health Plans ,
Employer Liability Issues ,
Employment Policies ,
Equal Employment Opportunity Commission (EEOC) ,
Furloughs ,
Health and Safety ,
Hiring & Firing ,
Human Resources Professionals ,
Labor Regulations ,
NLRB ,
Paid Leave ,
Personal Information ,
Re-Opening Guidelines ,
Remote Working ,
Return-to-Work Agreements ,
Sick Leave ,
Social Distancing ,
Vaccinations ,
Wage and Hour ,
Workplace Safety
On November 11, 2020, the European Data Protection Board (EDPB) issued eagerly awaited guidance for complying with the requirements of the General Data Protection Regulation (GDPR) for protecting the privacy rights of...more
There are cybersecurity lessons to be learned from high profile data breaches and the ensuing regulatory responses. The recent well-publicized Twitter hack is no different. According to the New York State Department of...more
New York attorneys could soon have to complete cybersecurity training courses to satisfy their continuing legal education (“CLE”) requirement. The House of Delegates of the New York State Bar Association (“NYSBA”) has...more
9/4/2020
/ American Bar Association (ABA) ,
Confidential Information ,
Continuing Legal Education ,
Cybersecurity ,
Law Firm Ownership ,
Popular ,
Professional Development ,
Rules of Professional Conduct ,
SHIELD Act ,
State Bar Associations ,
Training Requirements ,
Young Lawyers
It’s #WorkforceWednesday! This week we’re focusing on the long-term operations plans employers are putting in place due to COVID-19, whether it is utilizing extended remote work models or training their managers on return to...more
8/12/2020
/ Anti-Discrimination Policies ,
Anti-Harassment Policies ,
Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Employer Liability Issues ,
Employment Policies ,
Hackers ,
Hiring & Firing ,
Phishing Scams ,
Policies and Procedures ,
Popular ,
Remote Working ,
Risk Mitigation ,
Wage and Hour
Many more millions of employees have been working remotely as a result of the devastating COVID-19 virus than ever before. There is likely no going back....more
On March 10, 2020, the New York Department of Financial Services (“DFS”), which regulates a wide variety of financial institutions, including banks, insurance companies, and investment advisors doing business in New York,...more
Time is running out. The effective date of New York’s cybersecurity law mandating that organizations implement an information security program to protect “private information” of New York State residents, including employee...more
2/6/2020
/ Cybersecurity ,
Data Management ,
Data Protection ,
Data Security ,
Gramm-Leach-Blilely Act ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Technology ,
New Legislation ,
NYDFS ,
Personal Data ,
Personally Identifiable Information ,
Risk Management ,
Security Standards ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes
New York has joined California, Massachusetts, and Colorado in adopting a law that requires businesses that collect private information on residents to implement reasonable cybersecurity safeguards to protect that...more
8/13/2019
/ California Consumer Privacy Act (CCPA) ,
Cybersecurity ,
Data Collection ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Legislation ,
NYDFS ,
Popular ,
SHIELD Act ,
State and Local Government ,
State Data Breach Notification Statutes
Technology, media, and telecommunications organizations are at the forefront of tackling new challenges in handling employee information and managing employee populations. As legislatures (from the federal level down to...more
3/26/2019
/ #MeToo ,
Cybersecurity ,
Data Protection ,
Digital Media ,
Employer Liability Issues ,
General Data Protection Regulation (GDPR) ,
Human Resources Professionals ,
Over-Time ,
Sexual Harassment ,
Telecommunications ,
Unions ,
Wage and Hour ,
White-Collar Exemptions