ARTIFICIAL INTELLIGENCE -
What is the Privacy Impact of the White House AI Order for Businesses? Posted November 28, 2023
Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance...more
2/7/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
New Regulations ,
Online Safety for Children ,
Privacy Acts ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws
The SEC has now finalized its much anticipated rules for public companies’ cybersecurity disclosures. The final rules, published this month, require disclosure of certain cybersecurity incidents much sooner than under many...more
9/28/2023
/ Cybersecurity ,
Data Breach ,
Data Security ,
Final Rules ,
Form 8-K ,
Privacy Laws ,
Regulation S-K ,
Regulatory Requirements ,
Risk Assessment ,
Securities Act of 1933 ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Imagine arriving at the office to find 20 bankers' boxes full of 20,000+ individual arbitration demands. The claims appear identical and non-meritorious. But to even get a chance to make an argument, it will cost you nearly...more
New York’s Local Law 144 of 2021 will finally go into effect on July 5, 2023, after several delays. As we previously discussed, the law requires employers to provide candidates for employment and promotion with notice about...more
The US Department of Health and Human Services recently updated its guide to help the private and public healthcare sectors develop cybersecurity protocols that address NIST’s Framework for Improving Critical Infrastructure...more
Three days. Starting September 1, 2023, that is all federally insured credit unions will have to report cyber incidents.
The rule, approved on February 16, 2023, broadly defines cyber incident to include any incident that...more
The New York and Pennsylvania AGs settlement with Herff Jones from late last year provides guidance to businesses about expected security measures as we enter into 2023. The case arose after Herff Jones, producer and seller...more
2/2/2023
/ Consumer Information ,
Credit Cards ,
Data Breach ,
Data Privacy ,
Data Security ,
Data Selling ,
Federal Trade Commission (FTC) ,
New York ,
NYDFS ,
Pennsylvania ,
Privacy Laws ,
Risk Assessment ,
Settlement ,
State Attorneys General
An Illinois state appellate court’s recent ruling will impact how companies consider compliance with Illinois’ Biometric Information Privacy Act (BIPA). That court ruled companies must have a BIPA-compliant written...more
12/16/2022
/ Appeals ,
Appellate Courts ,
Biometric Information ,
Biometric Information Privacy Act ,
Chapter 15 ,
Data Privacy ,
Privacy Laws ,
Privacy Policy ,
Reversal ,
State Privacy Laws ,
Tracking Systems
New York’s Attorney General Letitia James recently secured a $1.9 million settlement from online retailer Zoetop Business Company, Ltd. to settle allegations that Zoetop had improperly handled a 2018 data breach and...more
The FTC recently took action against the online alcohol marketplace company Drizly and its CEO for alleged security failures. The case arose from a 2018 data breach which was caused – according to the FTC – by poor security...more
Beginning January 1, 2023, New York City will restrict employers from using artificial intelligence to make employment decisions unless they follow certain guidelines. The local law applies to employment decisions made...more
9/28/2022
/ Artificial Intelligence ,
Employee Privacy Rights ,
Employer Liability Issues ,
Hiring & Firing ,
Job Applicants ,
Job Promotions ,
New Legislation ,
New York ,
Notification Requirements ,
State Privacy Laws ,
Tracking Systems
The New York Attorney General recently announced a data security-related settlement with Wegmans Food Markets. The issue arose in April 2021 regarding a cloud-based incident. At that time a security researcher notified...more
In a recent letter to the UK law society, the UK Information Commissioner’s Office and the National Cyber Security Centre have provided lawyers with advice about ransomware payments...more
Maryland recently passed two companion bills amending the state’s Personal Information Protection Act. The bills modify the data breach notification requirements and scope of businesses subject to the data security...more
The FTC recently reminded companies that principles of fairness and the likelihood of harm may in some cases prompt breach notification. This requirement might exist even if state breach notice laws have not been triggered...more
The New York AG recently issued information about steps companies can take to protect against credential stuffing attacks, and how to handle them if they occur. The guidance makes up a majority of a larger AG report on...more
Just as we thought 2022 was going to be significantly different than 2021, December 2021 and January 2022 events have thrown us for another (pandemic) loop. We anticipate that some of the privacy and cybersecurity...more
1/12/2022
/ Artificial Intelligence ,
Auto-Dialed Calls ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CAN-SPAM Act ,
CARU ,
CDPA ,
Consumer Privacy Rights ,
COPPA ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Tracking ,
EU ,
FCC ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Machine Learning ,
Mobile Privacy ,
Ransomware ,
SCOTUS ,
TCPA
The SEC’s enforcement action with a leading seller of market data (App Annie Inc.) signals its concern with misleading data use representations. While the data at issue was not “personally identifiable” information, but...more
The SEC recently announced a settlement with Pearson plc where the company has agreed to pay $1 million to settle charges that it misled investors about a 2018 cyber incident. According to the order, Pearson made misleading...more
The FTC recently voted to authorize the use of compulsory processes—the FTC’s primary investigatory tools—on what it calls “key law enforcement priorities.” The resolutions allow investigators to take actions like issuing...more
The New York State Department of Financial Services recently announced new guidance addressing ransomware attacks, and highlighting cybersecurity measures to significantly reduce the risk of an attack. The guidance comes as...more
7/13/2021
/ Confidential Information ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
FBI ,
Financial Institutions ,
Financial Services Industry ,
Information Technology ,
New Guidance ,
NYDFS ,
Office of Foreign Assets Control (OFAC) ,
Ransomware ,
Supply Chain
New York City recently enacted a biometric ordinance that is set to come into effect July 9, 2021. With this ordinance, NYC joins other cities (like Portland) in regulating the use of biometric information. The ordinance may...more
The Supreme Court’s recent decision in Van Buren addressed the meaning of the term “exceeds authorized access” under the Computer Fraud and Abuse Act (CFAA). The Court held, in a criminal case that alleged that the person...more
The New York State Department of Financial Services recently issued recommendations to financial institutions in the aftermath of the SolarWinds cyberattack. In that attack, hackers inserted malware into SolarWinds software...more
5/26/2021
/ Cybersecurity ,
Cybersecurity Framework ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
New York ,
NYDFS ,
Popular ,
Software ,
SolarWinds ,
Supply Chain ,
Third-Party Service Provider
China is continuing to move forward with its first comprehensive privacy law. China recently issued a second version of the draft Personal Information Protection Law (Draft PIPL) which will be open for public comments until...more
5/14/2021
/ Breach Notification Rule ,
China ,
Cross-Border ,
Cybersecurity ,
Data Breach ,
Data Localization Law ,
Data Privacy ,
Data Security ,
Data Transfers ,
General Data Protection Regulation (GDPR) ,
Penalties ,
Personal Information ,
Popular ,
Proposed Regulation