On October 2, 2024, the New York State Department of Health (DOH) published a new cybersecurity regulation (10 NYCRR 405.46) for all general hospitals licensed pursuant to article 28 of the Public Health Law. Although most of the regulation will
David Kessler (US)
New York Department of Financial Services addresses cybersecurity risks from artificial intelligence
On October 16, 2024, the New York Department of Financial Services (“NYDFS” or “DFS”) issued guidance raising awareness about combatting cybersecurity risks arising from artificial intelligence (“AI”) used by DFS licensees, such as insurers and virtual currency businesses. Risks revolve…
Security cameras, CAN-SPAM, and “reasonable or appropriate security”
On August 30, 2024, the Federal Trade Commission (FTC) announced a proposed settlement with security camera manufacturer Verkada Inc., claiming Verkada committed a variety of unfair or deceptive acts or practices in violation of § 5 of the Federal Trade…
California Attorney General and data security, access and retention
Violation of HIPAA Security Rule = Violation of NY SHIELD Act
Minnesota enacts comprehensive privacy law
On May 24, 2024, the Minnesota Governor signed the Minnesota Consumer Data Privacy Act (“MCDPA”), making Minnesota the eighteenth state to enact a comprehensive privacy law. The new law takes effect on July 31, 2025, for most regulated entities, with…
Is your Texas data protection assessment started?
As we have previously written, the Texas comprehensive privacy law, known as the Texas Data Privacy and Security Act (TDPSA), goes into effect on Monday, July 1, 2024. As a reminder, unlike other states’ comprehensive privacy laws that are…
$10,000,000 civil penalty for disclosing personal data without consent
On April 15, 2024, the U.S. Department of Justice, upon referral from the Federal Trade Commission, filed a complaint and stipulated order against telehealth company Cerebral, Inc. The claims related to the company’s sharing personal data without consumer consent and…
Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2
Approximately at the same time as the Executive Order that we described in Part 1 was issued, the Attorney General (AG) unofficially released 90 pages of Advanced Notice of Proposed Rulemaking (ANPRM), which will become official once published in the…
Executive Order on access to Americans’ bulk sensitive data – Part 1
On February 28, 2024, the White House issued an Executive Order on Preventing Access to Americans’ Bulk Sensitive Data and United States Government-Related Data by Countries of Concern. The 17-page Executive Order pointed out that “countries of concern” could use…