New York’s Attorney General Letitia James recently secured a $1.9 million settlement from online retailer Zoetop Business Company, Ltd. to settle allegations that Zoetop had improperly handled a 2018 data breach and subsequent consumer notification. The scrutiny given to Zoetop provides insights into the NYAG’s expectations around breach investigations and response.
Charles Glover is an associate in the Intellectual Property Practice Group in the firm's New York office.
Beginning January 1, 2023, New York City will restrict employers from using artificial intelligence to make employment decisions unless they follow certain guidelines. The local law applies to employment decisions made “within the city” regarding job applicants and promotion decisions.…
The New York State Attorney General’s finding that EyeMed Vision Care LLC had failed to protect customer data in violation of the NY SHIELD Act provides insights for companies on how to protect information. New York’s SHIELD Act applies, as we have written previously, to any organization owning or licensing the information of a NYS resident, not just organizations located in New York. It requires companies to take reasonable administrative, technical, and physical safeguards to protect collected personal information.
Continue Reading Keeping Both Eyes on Cybersecurity
The New York AG recently issued information about steps companies can take to protect against credential stuffing attacks, and how to handle them if they occur. The guidance makes up a majority of a larger AG report on credential stuffing.
Continue Reading NYAG Issues Credential Stuffing Guidance
Baltimore recently prohibited several uses of “face surveillance” technology. Under the new law companies cannot use systems that identify or verify individuals based on their face. The law also prohibits saving information gathered from these systems. Getting an individual’s consent is not a way around the prohibition. Nor is promising not to connect information gathered with other personal information.
Continue Reading Baltimore Blows By Brother Burghs with Big Biometrics Ban
The FTC recently voted to authorize the use of compulsory processes—the FTC’s primary investigatory tools—on what it calls “key law enforcement priorities.” The resolutions allow investigators to take actions like issuing subpoenas and civil investigations demands (commonly referred to as “CIDs”) in a variety of areas. Of note is the inclusion of both healthcare markets and technology platforms, signaling a potential FTC interest in those sectors.
Continue Reading FTC Signals Focus on Healthcare and Technology Platforms, Among Others