Law Blog 2.0

Below I briefly review New York’s security breach and other relevant privacy/security law provisions which are sometimes not addressed in a corporation’s privacy and security policies (but should be). I have also reference and review New York’s Guidance on business best privacy and security practices. There are three basic areas of inquiry: privacy law pertaining to the protection of confidential information that requires specific actions with respect to specific identifiers (e.g. SSN, DL Number, etc.); obligations of an employer’s to the employer’s employees that include affirmative privacy obligations; and New York’s version of a security breach notification laws currently found in 45 states. New York Consumer Protection Board (“CPB”) is New York’s key agency responsible for protecting the residents of New York by “publicizing unscrupulous and questionable business practices; conducting investigations and hearings; researching issues; developing legislation and creating consumer education programs and materials.” The CPB has released guidance (New York’s Business Guide to Privacy) that provides an excellent summary of New York State privacy and security laws. Most actions brought under the discussed statutes must be brought by the State Attorney General. HIPAA and other Federal Laws (including the new HITECH Act) I have discussed in other blog [...]