Kilpatrick’s Evan Nadel recently presented on “Generative AI, Cybersecurity and Privacy” at a special CLE sponsored by the firm. He discussed new developments in cybersecurity laws, the increase in claims under state privacy laws concerning tracking technology used on websites, and suggestions for how to mitigate exposure to these claims.
Evan’s top 5 takeaways from his presentation include:
1. New York’s SHIELD Act (Stop Hacks and Improve Electronic Data Security Act) strengthens New York’s data security laws by expanding the definition of “private information,” requiring companies to implement robust data security safeguards, and mandating notice and reporting for data breaches.
2. The New York SHIELD Act does not have a private right of action, but the NY Attorney General can enforce it and seek fines and penalties up to $250,000.
3. California’s Invasion of Privacy Act (“CIPA”) is being aggressively used to challenge the deployment of common tracking technology on websites, including through cookies, pixels, and beacons.
4. CIPA is a pre-Internet wiretapping law that has provisions prohibiting the use of “pen register” and “trap and trace” devices that do not capture the content of communication. Some California courts have found those provisions applicable to tracking tools on websites.
5. Companies can mitigate CIPA exposure by revising cookie pop-up banners to clearly require users’ consent to information sharing and acceptance of the website’s privacy policy and terms of use.
