Virtually all organizations have an obligation to safeguard their personal data against unauthorized access or use. Failure to comply with such obligations can lead to significant financial and reputational harm. In a...more
Virtually all organizations have an obligation to safeguard their personal data against unauthorized access or use, and, in some instances, to notify affected individuals in the event such access or use occurs. Those...more
7/16/2024
/ Biometric Information ,
Covered Entities ,
Cyber Incident Reporting ,
Data Breach ,
Data Security ,
Incident Response Plans ,
Notification Requirements ,
Regulation S-P ,
Risk Assessment ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Telecommunications
The New York State Department of Labor has issued revised materials, including an updated mandatory model policy, ahead of the June 19, 2024, effective date for the transition of workplace lactation breaks from unpaid to paid...more
Cross Border Transfers of Data.
UK Data Transfers. The UK government has published a U.S. “adequacy decision” which permits U.S. organizations that have certified to the EU-US Data Privacy Framework (DPF) and UK Extension...more
11/6/2023
/ California Consumer Privacy Act (CCPA) ,
Canada ,
Cross-Border ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
EU ,
Federal Trade Commission (FTC) ,
Form 10-K ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NIST ,
Personal Information Protection Law (PIPL) ,
Securities and Exchange Commission (SEC) ,
State Privacy Laws ,
UK
This summer, the Securities and Exchange Commission (SEC) adopted rules to enhance and standardize disclosures by public companies regarding cybersecurity risk management, strategy, governance, and incidents....more
The New York Department of Financial Services (DFS) has been increasingly active in enforcing the rigorous cybersecurity requirements imposed on “covered entities” under 11 NYCRR Part 500 (Reg 500). DFS has published an...more
June 9th marked the deadline for financial institutions, including certain non-banking institutions that collect or maintain sensitive customer information (e.g., car dealerships), to implement a comprehensive information...more
6/15/2023
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Breach Notification Rule ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Protection ,
Employee Training ,
Federal Trade Commission (FTC) ,
Financial Institutions ,
International Data Transfers ,
Personal Information ,
Solicitation
Just as businesses are preparing to ensure compliance with similar laws in California, Colorado, and Virginia, they soon will need to consider a fourth jurisdiction, Utah. On March 24, 2022, Governor Spencer Cox signed a...more
The New York State Commissioner of Health rescinded the designation of COVID-19 as a “highly contagious communicable disease that presents a serious risk of harm to the public health under the HERO Act” (Health and Essential...more
Effective July 9, 2021, certain retail and hospitality businesses that collect and use “biometric identifier information” from customers will need to post conspicuous notices near all customer entrances to their facilities. ...more
5/12/2021
/ Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Privacy ,
Data Selling ,
Hospitality Industry ,
New York ,
Private Right of Action ,
Retailers ,
SHIELD Act