New York

Subscribe to New York via RSS

New York State’s 2025 legislative session marked a notable moment in the evolution of artificial intelligence (AI) and privacy regulation. Governor Kathy Hochul signed the Responsible AI Safety and Education (RAISE) Act, creating one of the first state-level frameworks aimed specifically at the most advanced AI systems, while vetoing the proposed New York Health Information

Organizations across the spectrum rely heavily on website tracking technologies to understand user behavior, enhance customer experience, and drive growth.  The convenience and insights these technologies offer come with a caveat, however: They can land your organization in hot water if not managed in careful compliance with fast-evolving law.

Recent history is rife with litigation

Artificial intelligence tools are fundamentally changing how people work. Tasks that used to be painstaking and time-consuming are now able to be completed in real-time with the assistance of AI.

Many organizations have sought to leverage the benefits of AI in various ways. An organization, for instance, can use AI to screen resumes and identify

In yet another example of its focus on imposing greater data security accountability, the New York Attorney General (“NYAG”) recently announced a significant settlement with Marymount Manhattan College (“the College”).  The settlement stems from a data breach to which the College was subject in 2021.  Following an investigation, which, according to the NYAG, revealed inadequacies

Yesterday, New York’s Department of Financial Services (“DFS”) announced another enforcement action under the state’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”).  According to the press release, OneMain Financial Group LLC (“OneMain”) will pay a $4.25 million penalty to New York State for alleged violations of Reg 500.  

In the

As noted in a prior post, New York’s Attorney General (“NYAG”) has made enforcement of the New York SHIELD Act  an enforcement priority. The SHIELD Act requires organizations handling personal information related to New York residents to maintain reasonable safeguards to protect that information.  Maintaining its focus on this area, the NYAG recently released

On August 17, 2022, New York announced an amendment to the Continuing Legal Education (CLE) Program Rules, which adds a requirement for attorneys to complete at least one CLE credit hour in Cybersecurity, Privacy, and Data Protection as part of fulfilling their CLE requirements.

New York barred attorneys will be required to comply starting July

On January 24, 2022, New York Attorney General Letitia James announced a $600,000 settlement agreement with EyeMed Vision Care, a vision benefits company, stemming from a 2020 data breach compromising the personal information of approximately 2.1 million individuals across the United States, including nearly 99,000 in New York State (the “Incident”).

This settlement was the

Earlier this month, New York Governor Kathy Hochul signed into a law a bill that will require New York private sector employers to provide written notice to employees before engaging in electronic monitoring of their activities in the workplace.  Civil Rights (CVR) Chapter 6, Article 5, Section 52-C*2 will take effect six months after enactment,