The US Department of Health and Human Services recently updated its guide to help the private and public healthcare sectors develop cybersecurity protocols that address NIST’s Framework for Improving Critical Infrastructure Cybersecurity. The guide is a toolkit, with information and resources intended to help companies implement cybersecurity programs in the healthcare space. While the aim of this guidance is to help companies implement NIST’s protocols for protecting US critical infrastructure, the recommendations contained in the guide mirror other agencies’ security recommendations (for example, those we have written about from the Department of Labor and the FDA).
Charles Glover is an associate in the Intellectual Property Practice Group in the firm's New York office.
72 hours: The NCUA’s New Cyber Incident Reporting Requirement
Three days. Starting September 1, 2023, that is all federally insured credit unions will have to report cyber incidents.…
Lessons From New York AG Scrutiny of Breach Investigation and Response
New York’s Attorney General Letitia James recently secured a $1.9 million settlement from online retailer Zoetop Business Company, Ltd. to settle allegations that Zoetop had improperly handled a 2018 data breach and subsequent consumer notification. The scrutiny given to Zoetop provides insights into the NYAG’s expectations around breach investigations and response.…
New York City Set To Regulate Employment Decisions Made By AI
Beginning January 1, 2023, New York City will restrict employers from using artificial intelligence to make employment decisions unless they follow certain guidelines. The local law applies to employment decisions made “within the city” regarding job applicants and promotion decisions.…
Keeping Both Eyes on Cybersecurity
The New York State Attorney General’s finding that EyeMed Vision Care LLC had failed to protect customer data in violation of the NY SHIELD Act provides insights for companies on how to protect information. New York’s SHIELD Act applies, as we have written previously, to any organization owning or licensing the information of a NYS resident, not just organizations located in New York. It requires companies to implement reasonable administrative, technical, and physical safeguards to protect collected personal information.
NYAG Issues Credential Stuffing Guidance
The New York AG recently issued information about steps companies can take to protect against credential stuffing attacks, and how to handle them if they occur. The guidance makes up a majority of a larger AG report on credential stuffing.
Baltimore Blows By Brother Burghs with Big Biometrics Ban
Baltimore recently prohibited several uses of “face surveillance” technology. Under the new law, companies cannot use systems that identify or verify individuals based on their face. The law also prohibits saving information gathered from these systems. Getting an individual’s consent is not a way around the prohibition. Nor is promising not to connect information gathered with other personal information.
FTC Signals Focus on Healthcare and Technology Platforms, Among Others
The FTC recently voted to authorize the use of compulsory processes—the FTC’s primary investigatory tools—on what it calls “key law enforcement priorities.” The resolutions allow investigators to take actions like issuing subpoenas and civil investigative demands (commonly referred to as “CIDs”) in a variety of areas. Of note is the inclusion of both healthcare markets and technology platforms, signaling a potential FTC interest in those sectors.