A New York City Council bill amending the New York City Administrative Code to address customer data collected by food delivery services from online orders recently became law. Effective December 27, 2021, the law will permit restaurants to request customer data from third-party food delivery services and permit customers to opt out of the sharing. The law also imposes certain requirements and limitations regarding restaurants’ use and sharing of such data.
Continue Reading New York City to Require Food Delivery Services to Share Customer Data with Restaurants

On May 18, 2021, New York Attorney General (“AG”) Letitia James announced a settlement agreement with Filters Fast LLC (“Filters Fast”) over a data breach that compromised personal information of approximately 324,000 consumers nationwide, including over 16,500 New York state residents. The breach affected purchases made on Filters Fast website for almost a year – from July 16, 2019 to July 10, 2020.
Continue Reading New York AG Settles with Filters Fast After Data Breach

The New York Department of Financial Services, which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. 2 (2021) regarding “Cyber Insurance Risk Framework”, calling on insurers to take more stringent measures in underwriting cyber risks. In the Guidelines, NYDFS cites the 2020 SolarWinds attack as an example of how managing growing cyber risk is “an urgent challenge for insurers.”
Continue Reading New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

The New York Department of Financial Services has issued a Cyber Fraud Alert to regulated entities in light of a growing campaign to steal Nonpublic Information, as defined under New York law, from public-facing websites that provide instant quotes for products like auto insurance.
Continue Reading NY Department of Financial Services Issues Cyber Fraud Alert to Regulated Entities Using Instant Quote Websites

On December 22, 2020, New York Governor Andrew Cuomo signed into law legislation that temporarily bans the use or purchase of facial recognition and other biometric identifying technology in public and private schools until at least July 1, 2022. The legislation also directs the New York Commissioner of Education to conduct a study on whether this technology is appropriate for use in schools.
Continue Reading New York Temporarily Bans Facial Recognition Technology in Schools

On November 24, 2020, a multistate coalition of Attorneys General announced that The Home Depot, Inc. agreed to pay $17.5 million and implement a series of data security practices in response to a data breach the company experienced in 2014.
Continue Reading Home Depot Agrees to Pay $17.5 Million in Multistate Settlement Following 2014 Data Breach