Law Brief: The Requirements of the SHIELD Act and Other Recommendations for Virtual Business Operations
Will the SHIELD Act Accomplish Its Goal of Effectively Combatting Patent Trolls?
In December 2024, New York Governor Kathy Hochul signed into law two bills (A8872A and S2376B; collectively, the “Bills”) that amend New York’s Data Breach Notification Law. The Bills introduce a maximum thirty-day timeframe...more
In March 2020, the Cybersecurity Mandate within New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) went into effect. In its entirety, the SHIELD Act expanded breach notification obligations for...more
In an era where digital information flows ceaselessly, the specter of data breaches looms large. Whether these breaches are the result of deliberate attacks or unintentional leaks, they can range from being merely...more
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our Top 10 most popular topics from 2023....more
Yesterday, New York’s Department of Financial Services (“DFS”) announced another enforcement action under the state’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”). According...more
As noted in a prior post, New York’s Attorney General (“NYAG”) has made enforcement of the New York SHIELD Act an enforcement priority. The SHIELD Act requires organizations handling personal information related to New York...more
On April 17, the Washington legislature passed the My Health My Data Act (MHMD Act), which includes some of the most restrictive provisions in any U.S. state privacy law....more
What data can companies collect, and how long can they keep it? Our Privacy, Cyber & Data Strategy Team outlines best practices for companies to comply with international, federal, and state laws and guidance to avoid...more
As the year comes to a close here are some of the highlights from the Workplace Privacy, Data Management & Security Report with our Top 10 most popular posts of 2022:.....more
New York’s Cybersecurity mandate under the New York SHIELD Act became effective on March 22, 2020. This unfortunate timing, considering its alignment with the beginning of COVID-19 shutdowns, created an almost unspoken...more
New York's SHIELD Act, which became effective on March 21, 2020, requires persons and organizations that own or license electronic data that includes New York resident’s private information to maintain reasonable...more
In a sign that it may be stepping up enforcement of New York’s Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”), the New York Attorney General’s Office (“NYAG”) announced on June 30, 2022 that it had reached...more
When it comes to ensuring enterprise data is safe, understanding recent rulings from different regulatory bodies and how they affect your organization is a vital first step, followed by reasonable measures to further...more
The New York State Attorney General’s finding that EyeMed Vision Care LLC had failed to protect customer data in violation of the NY SHIELD Act provides insights for companies on how to protect information. New York’s SHIELD...more
On January 24, 2022, New York Attorney General Letitia James announced a $600,000 settlement agreement with EyeMed Vision Care, a vision benefits company, stemming from a 2020 data breach compromising the personal information...more
Earlier this month, the New York Attorney General’s Office issued findings of its investigation into a data security incident involving EyeMed Vision Care LLC (“EyeMed”) as well as the agreement that it entered into with the...more
After reading New York Attorney General Letitia James’ Business Guide for Credential Stuffing Attacks (“Guide”), I promptly reminded my family (and myself!) to change passwords. The practice of using the same password for...more
Over the past several years, if your organization experienced a cyberattack, such as ransomware or a diversion of funds due to a business email compromise (BEC), and you had cyber insurance, you likely were very thankful....more
As businesses find useful new ways to harness the evolving technology that captures and analyzes human biometric data, legal regulation of such technology’s usage is also developing, responding to concerns about personal...more
In April, we posted about the U.S. Department of Labor’s (DOL) Employee Benefits Security Administration (EBSA) issuing cybersecurity guidance for employee retirement plans. That is, April 14, 2021. Shortly thereafter, the...more
Global data privacy legislation has steadily advanced over the past several years, with one of the most comprehensive and well-known laws being the General Data Protection Regulation (GDPR), governing personal data...more
In late May, New York Attorney General Letitia James announced a $200,000 settlement agreement with Filters Fast, an online water filtration retailer, stemming from a 2019 data breach compromising the personal information of...more
Effective July 9, 2021, certain retail and hospitality businesses that collect and use “biometric identifier information” from customers will need to post conspicuous notices near all customer entrances to their facilities. ...more
On January 6, 2021, a bipartisan group of New York State lawmakers introduced Assembly Bill 27, the latest version of proposed privacy legislation that would allow consumers to sue companies for improperly using or retaining...more
Is it hyperbolic to say that never before have we seen a quieter, yet more anticipated and welcome end to a year than in 2020? For some, 2020 is a year the sooner forgotten, the better. In data privacy and security law, a lot...more