New York

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Posted on November 23, 2022

Posted in Cybersecurity, Financial Privacy, U.S. State Law

On November 9, 2022, the New York Department of Financial Services released their second amendments to their Part 500 Cybersecurity Rules.
Continue Reading NYDFS Amends Cybersecurity Rules for Financial Services Companies

NYC DCWP Proposes Rules to Implement New Law Governing Automated Employment Decision Tools

Posted on October 28, 2022

Posted in Online Privacy, U.S. State Law, Workplace Privacy

On October 24, 2022, the New York City Department of Consumer and Worker Protection proposed rules to implement its new law regarding automated employment decision tools. …
Continue Reading NYC DCWP Proposes Rules to Implement New Law Governing Automated Employment Decision Tools

New York Legislature Considers New York Child Data Privacy and Protection Act

Posted on October 25, 2022

Posted in Behavioral Advertising, Children’s Privacy, Enforcement, Marketing, Online Privacy, U.S. State Law

On September 23, 2022, New York State Senator Andrew Gounardes introduced S9563, also known as the “New York Child Data Privacy and Protection Act.” …
Continue Reading New York Legislature Considers New York Child Data Privacy and Protection Act

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

Posted on October 24, 2022

Posted in Cybersecurity, Enforcement, Financial Privacy, Health Privacy, Security Breach

On October 18, 2022, the New York State Department of Financial Services announced that EyeMed Vision Care LLC agreed to a $4.5 million settlement for violations of the Cybersecurity Regulation that contributed to the exposure of hundreds of thousands of consumers’ health data in connection with a cybersecurity event in 2020.
Continue Reading NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

New York Attorney General Fines E-Commerce Parent Company for Failing to Properly Handle a Data Breach

Posted on October 19, 2022

Posted in Cybersecurity, Information Security, Security Breach

On October 12, 2022, New York Attorney General Letitia James announced that her office had secured a $1.9 million penalty from e-commerce retailer Zoetop, owner of SHEIN and ROMWE, following an improperly handled data breach.
Continue Reading New York Attorney General Fines E-Commerce Parent Company for Failing to Properly Handle a Data Breach

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Posted on August 15, 2022

Posted in Cybersecurity, Financial Privacy

On July 29, 2022, the New York Department of Financial Services posted proposed amendments to its Cybersecurity Requirements for Financial Services Companies. This blog entry provides highlights of the amendments.
Continue Reading Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

New York Becomes First State to Require CLE in Cybersecurity, Privacy and Data Protection

Posted on August 15, 2022

Posted in Cybersecurity, Information Security

New York recently became the first state to require attorneys to complete at least one credit of cybersecurity, privacy and data protection training as part of their continuing legal education requirements. The new requirement will take effect July 1, 2023.
Continue Reading New York Becomes First State to Require CLE in Cybersecurity, Privacy and Data Protection

Wegmans Agrees to Pay $400,000 Penalty After Cloud Security Lapse

Posted on July 14, 2022

Posted in Cybersecurity, Enforcement, Information Security, Online Privacy, U.S. State Law

On June 30, 2022, the New York Office of the Attorney General announced a $400,000 agreement with Wegmans Food Markets, Inc. in connection with a cloud storage security issue. …
Continue Reading Wegmans Agrees to Pay $400,000 Penalty After Cloud Security Lapse

China Issues Draft Provisions on Standard Contract for Cross-Border Transfer of Personal Information

Posted on July 11, 2022

Posted in Information Security, International

On June 30, 2022, the Cyberspace Administration of China (the “CAC”) issued a draft Provision on the Standard Contract for Cross-border Transfer of Personal Information (“Draft Provisions”) and a draft of the Standard Contract for Cross-border Transfer of Personal Information (“Standard Contract”) for public comments. Per Article 38 of the Personal Information Protection Law (“PIPL”), if the data handler is not required to conduct a government security assessment, it may choose either to conduct certification by a qualified third institution or to execute the Standard Contract for cross-border transfer of personal information. Certification might be more commonly used for cross-border transfer within a group, whereas the Standard Contract may be more popular under other scenarios of cross-border transfers.…

Continue Reading China Issues Draft Provisions on Standard Contract for Cross-Border Transfer of Personal Information

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Posted on July 1, 2022

Posted in Cybersecurity, Enforcement, Financial Privacy, Security Breach

On June 24, 2022, the New York State Department of Financial Services announced it had entered into a $5 million settlement with Carnival Corp., the world’s largest cruise-ship operator, for violations of the Cybersecurity Regulation in connection with four cybersecurity events between 2019 and 2021, including two ransomware events. …
Continue Reading NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Menu

Privacy & Information Security Law Blog