New York has a new AI-related law which took effect January 1. The law regulates creation and use of digital replicas of an individual’s voice or likeness and is similar to those in California and Tennessee.Continue Reading New Year, New Protections for New York Artists and AI-Generated Replicas

As 2024 came to a close, New York Gov. Hochul signed two bills (A8872A and S2376B) amending New York’s data breach law. The modifications change both what constitutes personal information under the law, as well as modifying notification timing. The notice modification is now in effect; the change to the definition of personal information does not take effect until March 21, 2025.Continue Reading New York Modifies Data Breach Law Heading Into 2025

The New York Attorney General’s Office recently settled with Albany ENT & Allergy Services over claims that the healthcare provider failed to protect over 200,000 consumers’ private health information. The claims stem from two ransomware attacks in 2023. The AG argued that the company had violated New York’s data security law, resulting in the incident. As part of the settlement, Albany ENT agreed to pay $2.75 million in civil penalties and to implement additional security measures.Continue Reading New York AG Settles EnforcemENT Action with ENT

The New York Department of Financial Services has modified its cybersecurity requirements for regulated entities. These requirements are in addition to those included in the regulations as last updated in November of last year. The new requirements go into effect November 1, 2024. They modify several parts of the rule, including:Continue Reading Amendments to NYDFS’ Cybersecurity Regulations Take Effect November 1

The New York Department of Financial Services (“NYDFS”) recently published guidance on managing cyber risks related to AI for the financial services and insurance industry. Though the circular letter does not introduce any per se “new” obligations, the guidance speaks to the Agency’s expectations for addressing AI within its existing cybersecurity regulations. Continue Reading NYDFS Speaks Out on AI and its Cybersecurity Risks

The New York Attorney General’s office and the UK Information Commissioner’s Office were busy last month when it came to children’s privacy. Both sought input from the public about regulating children’s online privacy, including on social media.Continue Reading Regulators On Both Sides of the Pond Seek Input on Children’s Privacy

A biotech company recently settled with three AGs over allegations that it had failed to protect consumer information. According to the AGs of Connecticut, New York and New Jersey, this led to a 2023 data incident. The company, Enzo Biochem, agreed to pay a $4.5 million civil penalty and take several steps to modify its information security program.Continue Reading Biotech Company Settles with Three State AGs Over Security Practices

New York Attorney General Letitia James recently released guidance for businesses and consumers about website tracking technologies. The consumer guide provided examples of common cookies, tracking technologies, and how consumers can manage both. The business guide lists steps the AG expects companies to take to avoid misleading or deceiving consumers in violation of New York’s deceptive trade practices law.Continue Reading NY AG Releases Website Privacy Guides for Businesses and Consumers

New York’s governor recently signed the Stop Addictive Feeds Exploitation (SAFE) for Kids Act. Although signed, the law will not be effective until after the New York Attorney General creates implementing regulations. The law is aimed at protecting children under 18 from social media companies’ “addictive feeds.” Addictive feeds are defined to include platforms and services that recommend content based on information from the user’s activity or device. Among other things, the law will:Continue Reading New York Law Seeks to Regulate Addictive Social Media Feeds

New York recently announced amendments to the State Department of Financial Services’ cybersecurity regulations. The changes further solidify the state’s already comprehensive cybersecurity regulatory regime. The amendments were both announced by Gov. Hochul and became effective on November 1, 2023. They apply to DFS regulated entities and aim to strengthen provisions around cyber governance, risk mitigation, incident notification, and training.Continue Reading NY Enhances Financial Cybersecurity Regulations

New York’s Local Law 144 of 2021 will finally go into effect on July 5, 2023, after several delays. As we previously discussed, the law requires employers to provide candidates for employment and promotion with notice about the use of an AI system, offer them an opt out, and audit any such systems for bias. The law is intended to benefit job applicants and may provide useful guidance for employers who wish to use AI to help eliminate workplace bias.Continue Reading NY AI Laws Going Live Next Month