As part of its regulatory review of the Gramm-Leach-Bliley Act Safeguards Rule, the Federal Trade Commission will hold a workshop, Information Security and Financial Institutions: An FTC Workshop to Examine the Safeguards Rule. The workshop, originally scheduled for May, has been postponed until July 13, 2020.
Continue Reading FTC Postpones Safeguards Rule Workshop until July

On April 13, 2020, the New York Department of Financial Services issued guidance to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.
Continue Reading NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

On March 21, 2020, the data security provisions of New York’s Stop Hacks and Improve Electronic Data Security Act went into effect. The SHIELD Act requires any person or business owning or licensing computerized data that includes the private information of a resident of New York to implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information.
Continue Reading New York SHIELD Act Requires Safeguards to Protect Private Information

On July 23, 2019, New York City Council members introduced Int. 1632-2019, an amendment to the administrative code of New York City that would prohibit telecommunications carriers and mobile applications from sharing a customer’s location data if the location was collected from a device in the five boroughs.
Continue Reading New York City Considers Prohibition on Sharing Location Data

On December 4, 2018, the New York Attorney General announced that Oath Inc. agreed to pay New York a $4.95 million civil penalty following allegations that it had violated the Children’s Online Privacy Protection Act. This is the largest-ever COPPA penalty.
Continue Reading AOL Successor Agrees to Pay $4.95 Million in COPPA Enforcement Action

On August 28, 2018, plaintiffs filed a class action lawsuit against Nielsen Holdings PLC and some of its officers and directors for making allegedly materially false and misleading statements to investors about the impact of privacy regulations and third-party business partners’ privacy policies on the company’s revenues and earnings.
Continue Reading Plaintiffs File Class Action Lawsuit Against Nielsen Over Alleged False and Misleading Statements

On June 27, 2018, Equifax entered into a consent order with 8 state banking regulators, including those in New York and California, arising from the company’s 2017 data breach that exposed the personal information of 143 million consumers.
Continue Reading Equifax Enters Into Consent Order with State Banking Regulators Regarding 2017 Data Breach