Photo of Charles Glover

Charles Glover

Subscribe to Charles Glover's Posts

Charles Glover is an associate in the Intellectual Property Practice Group in the firm's New York office.

Contact: Read more about Charles Glover

The US Department of Health and Human Services recently updated its guide to help the private and public healthcare sectors develop cybersecurity protocols that address NIST’s Framework for Improving Critical Infrastructure Cybersecurity. The guide is a toolkit, with information and resources intended to help companies implement cybersecurity programs in the health care space. While the aim of this guidance is to help companies implement NIST’s protocols for protecting US critical infrastructure, the recommendations contained in the guide mirror other agencies’ security recommendations (for example those we have written about from the Department of Labor and the FDA).

Continue Reading HHS Releases Cybersecurity Guide

New York’s Attorney General Letitia James recently secured a $1.9 million settlement from online retailer Zoetop Business Company, Ltd. to settle allegations that Zoetop had improperly handled a 2018 data breach and subsequent consumer notification. The scrutiny given to Zoetop provides insights into the NYAG’s expectations around breach investigations and response.

Continue Reading Lessons From New York AG Scrutiny of Breach Investigation and Response

Beginning January 1, 2023, New York City will restrict employers from using artificial intelligence to make employment decisions unless they follow certain guidelines. The local law applies to employment decisions made “within the city” regarding job applicants and promotion decisions.

Continue Reading New York City Set To Regulate Employment Decisions Made By AI

The New York State Attorney General’s finding that EyeMed Vision Care LLC had failed to protect customer data in violation of the NY SHIELD Act provides insights for companies on how to protect information. New York’s SHIELD Act applies, as we have written previously, to any organization owning or licensing the information of a NYS resident, not just organizations located in New York. It requires companies to take reasonable administrative, technical, and physical safeguards to protect collected personal information.
Continue Reading Keeping Both Eyes on Cybersecurity

Baltimore recently prohibited several uses of “face surveillance” technology.  Under the new law companies cannot use systems that identify or verify individuals based on their face.  The law also prohibits saving information gathered from these systems.  Getting an individual’s consent is not a way around the prohibition. Nor is promising not to connect information gathered with other personal information.

Continue Reading Baltimore Blows By Brother Burghs with Big Biometrics Ban

The FTC recently voted to authorize the use of compulsory processes—the FTC’s primary investigatory tools—on what it calls “key law enforcement priorities.” The resolutions allow investigators to take actions like issuing subpoenas and civil investigations demands (commonly referred to as “CIDs”) in a variety of areas. Of note is the inclusion of both healthcare markets and technology platforms, signaling a potential FTC interest in those sectors.

Continue Reading FTC Signals Focus on Healthcare and Technology Platforms, Among Others