On January 24, 2022, New York Attorney General Letitia James announced a $600,000 settlement agreement with EyeMed Vision Care, a vision benefits company, stemming from a 2020 data breach compromising the personal information of approximately 2.1 million individuals across the United States, including nearly 99,000 in New York State (the “Incident”).
This settlement was the
When Massachusetts issued its data security regulations in 2009 (Regulations), it led the way for states on data security. The Regulations became effective 12 years ago, almost to the day, March 1, 2010. The Bay State is now contemplating comprehensive privacy legislation, the Massachusetts Information Privacy and Security Act (MIPSA), similar to what has been
UPDATE: The changes to the Massachusetts data breach notification law described below are now in effect. Thus, if you have discovered a data incident involving the personal information of Massachusetts residents you will want to review these changes carefully – they are significant and the Commonwealth is intent on educating the public about them. Because
Privacy and cybersecurity risks continue to emerge for organizations large and small. While by no means exhaustive, we briefly discuss some key issues that organizations may need to focus on in 2019 and beyond.
Business Email Compromise (BEC)/Email Account Compromise (EAC) – BEC and EAC attacks are widespread and show no sign of slowing in
On September 23, 2018, Governor Jerry Brown signed into law SB-1121 amending certain provisions of the California Consumer Privacy Act of 2018 (CCPA) which was enacted in June of this year. As we reported previously, CCPA will apply to any entity that does business in the State of California and satisfies one or more
On April 17th, the National Institute of Standards and Technology (“NIST”), a component of the U.S. Commerce Department, released Version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity (“Cybersecurity Framework Version 1.1”), which incorporates feedback from NIST-led workshops, public comments, and questions received by NIST team members over the last two
On November 2nd, New York Attorney General Eric T. Schneiderman announced his proposal of the SHIELD Act – Stop Hacks and Improve Electronic Data Security Act – a bill that would heighten data security requirements for companies and better protect New York residents from data breaches of
On April 6, 2017, New Mexico Governor Susana Martinez signed HB 15, making New Mexico the 48th state to enact a data breach notification law. The law has an effective date of June 16, 2017 and follows the same general structure of many of the breach notification laws in other states.
Importantly, the definition of
In the face of seemingly daily news reports of company data breaches and the mounting legislative concern and efforts on both the state and federal level to enact laws safeguarding personal information maintained by companies, employers should be questioning whether they should implement privacy policies to address the protection of personal information they maintain on
In honor of Data Privacy Day, we provide the following “Top 10 for 2016.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2016.
EU/U.S. Data Transfer (status of Safe Harbor). On October 6, 2015, the Court of Justice of the European Union (CJEU) ruled