New York SHIELD Act

Preventing “Credential Stuffing” Attacks, Guidance from NY State Attorney General Letitia James

By Joseph J. Lazzarotti on January 10, 2022

Posted in Consumer Privacy, Data Breach Notification, Data Security, Identity Theft, Incident Response Planning, Information Risk, Written Information Security Program

After reading New York Attorney General Letitia James’ Business Guide for Credential Stuffing Attacks (“Guide”), I promptly reminded my family (and myself!) to change passwords. The practice of using the same password for multiple online accounts is one that most, if not all of us, use from time to time. According to a recent study,…

NY Attorney General Announces Settlement After Website Data Breach

By Joseph J. Lazzarotti, Jason C. Gavejian, Damon W. Silver & Maya Atrakchi on June 8, 2021

Posted in Consumer Privacy, Data Breach Notification, Data Security

In late May, New York Attorney General Letitia James announced a $200,000 settlement agreement with Filters Fast, an online water filtration retailer, stemming from a 2019 data breach compromising the personal information of over 300,000 consumers across the U.S., including nearly 17,000 in New York state. The settlement also requires the online retailer to strengthen…

10 Steps for Tackling Data Privacy and Security Laws in 2020 for In-House Counsel and HR Pros

By Joseph J. Lazzarotti on December 29, 2019

Posted in ADA, California Consumer Privacy Act, Consumer Privacy, Data Breach Notification, Data Security, GDPR, HIPAA, Identity Theft, Information Management, International, Monitoring, Online Privacy, Third Party Service Providers, Written Information Security Program

After years of data breaches, mass data collection, identity theft crimes, and failed attempts at broad-based federal legislation, 2020 may be the year that state privacy and data security legislation begins to take hold in the U.S. For example, the California Consumer Privacy Act (“CCPA”) and the New York Stop Hacks and Improve Electronic Data…

New Year, New Shields: How Can You Prepare for the New York SHIELD Act?

By Delonie A. Plummer on December 23, 2019

Posted in Uncategorized

As we’ve previously reported, the New York Stop Hacks and Improve Electronic Data Security Act (the “SHIELD Act”) goes into effect on March 21, 2020. The SHIELD Act, which amends the State’s current data breach notification law, imposes more expansive data security and data breach notification requirements on companies, in the hope of ensuring…

New Notification Requirements in New York for Healthcare Providers Facing a Cybersecurity Incident

By Frank J. Fanshawe, Joseph J. Lazzarotti, Jason C. Gavejian & Maya Atrakchi on August 16, 2019

Posted in Data Breach Notification, Data Security, HIPAA

On August 12, Mahesh Nattanmai, New York’s Chief Health Information Officer, issued a notice letter (“the notice”) on behalf of the New York State Department of Health (“Department”) requiring healthcare providers to use a new notification protocol for informing the Department of a potential cybersecurity incident. The updated protocol is considered effective immediately from a…

Workplace Privacy, Data Management & Security Report

New York SHIELD Act

Preventing “Credential Stuffing” Attacks, Guidance from NY State Attorney General Letitia James

NY Attorney General Announces Settlement After Website Data Breach

New Year, New Shields: How Can You Prepare for the New York SHIELD Act?

New Notification Requirements in New York for Healthcare Providers Facing a Cybersecurity Incident

Jackson Lewis

About Jackson Lewis