Tag Archives: Reg 500

NYC Creates BIPA-Like Requirements for Retail, Hospitality Businesses Concerning Biometric Information Collected From Customers

By Damon W. Silver and Melissa Pascualini on Posted in: Biometric Information, BIPA, Consumer Privacy, Data Breach Notification, Data Security, Information Management, Information Risk, New York SHIELD Act, Photos, Videos and Surveillance, Written Information Security Program
Effective July 9, 2021, certain retail and hospitality businesses that collect and use “biometric identifier information” from customers will need to post conspicuous notices near all customer entrances to their facilities.  These businesses will also be barred from selling, leasing, trading, sharing or otherwise profiting from the biometric identifier information they collect from customers.  Customers … Continue Reading

Data Protection and the Role of Vendor Management

By Mary T. Costigan on Posted in: California Consumer Privacy Act, Incident Response Planning, Information Management
The SolarWinds hack highlights the critical need for organizations of all sizes to include cyber supply chain risk management as part of their information security program. It is also a reminder that privacy and security risks to an organization’s data can come from various vectors, including third party vendors and services providers. By way of … Continue Reading

NYDFS Files First Enforcement Action Under Reg 500

By Damon W. Silver and Catherine R. Tucciarello on Posted in: Uncategorized
On July 21, 2020, the New York Department of Financial Services (“DFS”) filed its first enforcement action under New York’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”).    Reg 500, which took effect in March 2017, imposes wide-ranging and rigorous requirements on subject organizations and their service providers, which are summarized … Continue Reading
LexBlog