On November 9, 2022, the New York Department of Financial Services released their second amendments to their Part 500 Cybersecurity Rules.
Continue Reading NYDFS Amends Cybersecurity Rules for Financial Services Companies
New York
NYC DCWP Proposes Rules to Implement New Law Governing Automated Employment Decision Tools
On October 24, 2022, the New York City Department of Consumer and Worker Protection proposed rules to implement its new law regarding automated employment decision tools. …
Continue Reading NYC DCWP Proposes Rules to Implement New Law Governing Automated Employment Decision Tools
New York Legislature Considers New York Child Data Privacy and Protection Act
On September 23, 2022, New York State Senator Andrew Gounardes introduced S9563, also known as the “New York Child Data Privacy and Protection Act.” …
Continue Reading New York Legislature Considers New York Child Data Privacy and Protection Act
NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations
On October 18, 2022, the New York State Department of Financial Services announced that EyeMed Vision Care LLC agreed to a $4.5 million settlement for violations of the Cybersecurity Regulation that contributed to the exposure of hundreds of thousands of consumers’ health data in connection with a cybersecurity event in 2020.
Continue Reading NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations
New York Attorney General Fines E-Commerce Parent Company for Failing to Properly Handle a Data Breach
On October 12, 2022, New York Attorney General Letitia James announced that her office had secured a $1.9 million penalty from e-commerce retailer Zoetop, owner of SHEIN and ROMWE, following an improperly handled data breach.
Continue Reading New York Attorney General Fines E-Commerce Parent Company for Failing to Properly Handle a Data Breach
Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs
On July 29, 2022, the New York Department of Financial Services posted proposed amendments to its Cybersecurity Requirements for Financial Services Companies. This blog entry provides highlights of the amendments.
Continue Reading Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs
New York Becomes First State to Require CLE in Cybersecurity, Privacy and Data Protection
New York recently became the first state to require attorneys to complete at least one credit of cybersecurity, privacy and data protection training as part of their continuing legal education requirements. The new requirement will take effect July 1, 2023.
Continue Reading New York Becomes First State to Require CLE in Cybersecurity, Privacy and Data Protection
Wegmans Agrees to Pay $400,000 Penalty After Cloud Security Lapse
On June 30, 2022, the New York Office of the Attorney General announced a $400,000 agreement with Wegmans Food Markets, Inc. in connection with a cloud storage security issue. …
Continue Reading Wegmans Agrees to Pay $400,000 Penalty After Cloud Security Lapse
China Issues Draft Provisions on Standard Contract for Cross-Border Transfer of Personal Information
On June 30, 2022, the Cyberspace Administration of China (the “CAC”) issued a draft Provision on the Standard Contract for Cross-border Transfer of Personal Information (“Draft Provisions”) and a draft of the Standard Contract for Cross-border Transfer of Personal Information (“Standard Contract”) for public comments. Per Article 38 of the Personal Information Protection Law (“PIPL”), if the data handler is not required to conduct a government security assessment, it may choose either to conduct certification by a qualified third institution or to execute the Standard Contract for cross-border transfer of personal information. Certification might be more commonly used for cross-border transfer within a group, whereas the Standard Contract may be more popular under other scenarios of cross-border transfers.…
NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches
On June 24, 2022, the New York State Department of Financial Services announced it had entered into a $5 million settlement with Carnival Corp., the world’s largest cruise-ship operator, for violations of the Cybersecurity Regulation in connection with four cybersecurity events between 2019 and 2021, including two ransomware events. …
Continue Reading NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches