On July 29, 2022, the New York Department of Financial Services posted proposed amendments to its Cybersecurity Requirements for Financial Services Companies. This blog entry provides highlights of the amendments.
Continue Reading Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

New York recently became the first state to require attorneys to complete at least one credit of cybersecurity, privacy and data protection training as part of their continuing legal education requirements. The new requirement will take effect July 1, 2023.
Continue Reading New York Becomes First State to Require CLE in Cybersecurity, Privacy and Data Protection

On June 24, 2022, the New York State Department of Financial Services announced it had entered into a $5 million settlement with Carnival Corp., the world’s largest cruise-ship operator, for violations of the Cybersecurity Regulation in connection with four cybersecurity events between 2019 and 2021, including two ransomware events.
Continue Reading NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

On February 14, 2022, Noom Inc., a popular weight loss and fitness app, agreed to pay $56 million, and provide an additional $6 million in subscription credits to settle a putative class action in New York federal court.
Continue Reading Fitness App Agrees to Pay $56 Million to Settle Class Action Alleging Dark Pattern Practices

The New York Office of the Attorney General recently announced the results of an investigation into “credential stuffing,” which uncovered 1.1 million compromised accounts from cyberattacks on 17 well-known companies. The announcement included a “Business Guide for Credential Stuffing Attacks,” detailing the attacks and providing tips for businesses to protect themselves.
Continue Reading New York Attorney General Announces 1.1 Million Accounts Compromised in Credential Stuffing Attacks

On November 10, 2021, the New York City Council passed a bill prohibiting employers and employment agencies from using automated employment decision tools to screen candidates or employees, unless a bias audit has been conducted prior to deploying the tool. The Bill takes effect on January 2, 2023.
Continue Reading NYC to Regulate Artificial Intelligence-Based Hiring Tools

On November 8, 2021, New York Governor Kathy Hochul signed into law A.430/S.2628, which requires private employers with a place of business in New York State to provide their employees prior written notice, upon hiring, of any electronic monitoring, as defined in the Act, to which the employees will be subjected by the employer.
Continue Reading New York State Requires Private Employers to Notify Employees of Electronic Monitoring

As reported on the Hunton Retail Resource Blog, on October 20, 2021, a new wave in the fight against “robocalls” is targeting telemarketing text messages. In the past six months, there has been an uptick in activity at both the state and federal level to reign in telemarketing text messages.
Continue Reading Fight Against Robocalls Is Coming for Telemarketing Text Messages