New York City recently amended its law governing third party delivery services, with the changes going into effect December 27, 2021. The revised law specifically permits restaurants to ask for customers’ personal information from the delivery service. The delivery service, in turn, must tell consumers about the potential sharing “in a conspicuous manner” on its website and give people the ability to opt-out of such sharing.  That notice needs to indicate that the person’s information will be shared with the restaurant, and needs to identify the restaurant.
Continue Reading Impact of NYC’s New Delivery Service Data Sharing Requirement

The New York Department of Financial Service recently clarified security incident notification requirements and the use of multi-factor authentication. On its FAQ page, the NYDFS added two new questions and answers for financial services companies subject to 23 NYCRR Part 500.
Continue Reading NYDFS FAQ Provides Clarity on Breach Notification and Security Requirements

Businesses collecting personal information from New York residents will soon be expected to apply enhanced data security requirements. The New York SHIELD Act, signed into law in July 2019, expanded breach notice requirements in October 2019. Now, On March 21, 2020, the remaining provisions related to data security will also come into effect. As we wrote previously, businesses subject to the law must implement data security programs that include at least the following:
Continue Reading NY SHIELD Act Data Security Requirements Effective This Month