While the U.S. government remains unable to enact comprehensive privacy legislation in response to new technologies and growing privacy concerns, numerous states across the country, including New York, have adopted privacy laws and regulations seeking to address specific issues or that are applicable to specified entities. Some of these new rules affect a broad swath …
Read More

In a recently issued report, titled “Kill Switch: Why Connected Cars Can Be Killing Machines and How to Turn Them Off,” Consumer Watchdog, a nonprofit consumer advocacy organization, warned that millions of internet-connected cars already on the roadways may be dangerously vulnerable to hacking. While fully autonomous self-driving vehicles may be years away from widespread …
Read More

Organizations big and small are making significant investments in cybersecurity. Yet, unlike other investments, it’s difficult to assess a company’s return on investment for its cybersecurity spending. And while businesses in regulated industries must invest in cybersecurity to remain in compliance with prevailing laws and therefore stay in business, there is no such straight line …
Read More

Section 230(c)(1) of the Communications Decency Act of 1996 (CDA) was enacted to facilitate the growth of the internet, by immunizing internet service providers (ISPs) from liability in connection with third party content that appeared on their “interactive computer service.” It states: “No provider or user of an interactive computer service shall be treated as …
Read More

Recent settlements of Federal Trade Commission (FTC) actions against Facebook and Equifax received significant publicity for the deals’ large payments to consumers and the Commission. Facebook’s deal calls for a $5 billion penalty for misuse of user’s private data. The Equifax deal requires the company to pay up to $575 million to consumers whose personal …
Read More

On July 25, 2019, the Stop Hacks and Improve Electronic Data Security (SHIELD) Act was signed into law by Governor Cuomo. It will become effective on October 23, 2019. The Act makes important updates to the way that businesses must respond to data breaches and imposes new requirements on businesses to enact data security programs …
Read More

On July 29, 2019, a judgment was issued by the European Union’s Court of Justice that highlights the need for online businesses to be aware of how user data is shared when third party plug-ins are included on their websites. The Court of Justice’s decision has been highly anticipated as to it reflects the extent …
Read More

In the second and third week of June, the municipalities of Lake City, and Riviera Beach, Fla., agreed to pay a combined total of over $1 million to cyber criminals claiming responsibility for shutting down municipal computer systems necessary to the operation of crucial municipal functions. The Riviera Beach attack was traced to an email …
Read More

This past week, the Federal Trade Commission (FTC) voted to approve a record-breaking $5 billion settlement with Facebook, resolving its investigation into the charge that the company violated a prior settlement with the Commission when it improperly permitted political data firm Cambridge Analytica to access 87 million users’ personal information. Cambridge Analytica created personality quiz …
Read More

A plethora of federal laws address the proliferation of technology-enabled automated communications in a variety of areas, including finance, commerce, credit, and health. Although the general objective is to address individual privacy and data security concerns, each law contains distinct goals, technical requirements, and remedies if violated. One issue that continues to evolve is whether …
Read More