Recent blog posts - Harter Secrest and Emery LLP Attorneys and Counselors, Rochester, NY, Buffalo, NY, Albany, NY, Corning, NY, New York, NY - HSE Law

New Suit by Delta Reminds Everyone About the Importance of Data Security Protection in the Context of Third-Party Service Provider Relationships

August 21, 2019

Privacy and Data Security

In a recent lawsuit filed this month in the United States District Court for the Southern District of New York, Delta Airlines brought suit against its website chat services provider, [24]7, stemming from a 2017 data breach suffered by [24]7 that affected approximately 800,000 of Delta’s customers. Specifically, Delta alleges in its complaint that an attacker gained access to [24]7’s networks and modified the source code of its chat services so that the attacker could “scrape” payment card information from customers as they used the chat feature available on Delta’s website.

New York Continues Expansion of Protections Against Discrimination and Harassment

Edward J. Steve, Esq.

August 19, 2019

Labor and Employment

On August 12, 2019, Governor Andrew Cuomo signed legislation (S.6577/A.8421) that greatly expanded the protections for workplace discrimination and harassment. These additional protections come just a little over one year after the state enacted comprehensive legislation designed to combat sexual harassment.

Still Searching for Meaningful Change Following Massive Data Breaches

Anna S.M. McCarthy, Esq.

August 7, 2019

Privacy and Data Security

Large business data breaches - like the one affecting 100 million Capital One credit card customers and applicants - remain commonplace, so much so that they are becoming accepted as the new normal in today’s climate of consumer dealings. They shouldn’t be.

Update on Gifting: The Clawback Law Has Been Extended to January 1, 2026

Graham S. Leonard, Esq.

August 7, 2019

Trusts and Estates

As we wrote here earlier this year, Governor Cuomo proposed to extend the “clawback law,” which had expired on January 1, 2019, in his fiscal year 2020 Executive Budget. As a reminder, the clawback law pulled the value of all taxable gifts made within three years of a New York resident taxpayer’s death back into the New York resident taxpayer’s estate for New York estate tax purposes.

New York Raises the Stakes in Relation to Breach Reporting and Securing “Private Information”

F. Paul Greene, Esq.

July 29, 2019

Privacy and Data Security

Following up on our post from June 7, Governor Cuomo has now signed the SHIELD Act into law. New section 899-bb of the General Business Law, which creates substantive security obligations for all persons or businesses that own or license the defined “private information” of New Yorkers, goes into effect in 240 days, with the rest of the law taking effect within 90 days.

Defense Contractors Get Ready: DoD Close to Unveiling New Cyber Certification Program

Daniel J. Altieri, Esq.

July 12, 2019

Privacy and Data Security

The Department of Defense (“DoD”) recently announced that a new cybersecurity standard and certification program for defense contractors, the Cybersecurity Capability Model Certification program (“CCMC”), is currently under development and nearly ready for deployment.

What’s Old is New Again - NY SHIELD Act Passes the Senate

F. Paul Greene, Esq.

June 7, 2019

Privacy and Data Security

Cybersecurity law moves quickly and what may have been dead in one legislative session can come back in another to change the regulatory landscape in unexpected ways. Case in point, the NY SHIELD Act, S5575A, which passed in the New York Senate this week.

New York Changes Sole Member Rule

Joshua E. Gewolb, Esq.

June 1, 2019

Exempt Organizations

Effective July 1, the New York State legislature has modified a key provision of the Not-for-Profit Corporation Law (NPCL) regarding the ability of New York non-profits to establish a sole member structure. This change may require immediate adjustment to legal structures by affected non-profits.

More Paid Time Off to Vote in New York

Benjamin E. Mudrick, Esq.

May 3, 2019

Labor and Employment

New York has recently amended its voting leave law to make it easier for all employees to take time off to vote. Effective immediately, all employers in New York must provide employees who are registered to vote with “up to three hours” of paid time off at the beginning or end of a work shift to vote.

What I Learned from Teaching an Exempt Organizations Class

Joshua E. Gewolb, Esq.

April 30, 2019

Exempt Organizations

Most of my blog posts focus on current legal developments, however, for this one I thought I would mix things up and share what I learned while guest lecturing on exempt organizations for a recent law school “Law of Higher Education” class.

Featured

Can All of Those State Data Breach Notifications Lead to More Data Breaches?

F. Paul Greene, Esq.

August 27, 2018

Privacy and Data Security

In an interesting IAPP article, Kelce Wilson, InfraGard General Counsel, describes how bad actors without any hacking expertise can potentially inject themselves into the middle of a data breach notification effort and engage in widespread identity theft. The other unanticipated consequence of data breach notification is this: with the trend toward public disclosure of data breach notification letters and statistics, more and more information is in the public domain about the types of data our organizations collect and whether or not we encrypt that data. Case in point, Massachusetts, where yearly Data Breach Notification Reports are available on-line. The 2018 Report shows data breaches reported to Massachusetts authorities this year.

Featured

IRS Changes Donor Disclosure Requirements for Non-Charitable Exempts

Joshua E. Gewolb, Esq.

August 14, 2018

Exempt Organizations

On July 16^th, the IRS issued controversial guidance eliminating the requirement for non-charitable exempt organizations to report the names of contributors on their tax returns.

The guidance is the end, for now, of a simmering political controversy relating to information available to the government regarding “dark money” and donations to non-charitable exempt organizations.

Featured

Down But Not Out - States Point the Way to How the FTC Might Recover from the 11th Circuit’s LabMD Decision

Harter Secrest & Emery LLP

August 7, 2018

Privacy and Data Security

In a classic story of “it’s never over until it’s over,” cybersecurity David LabMD challenged the FTC’s Goliathan ability to issue sweeping orders in relation to security concerns under Section 5(a) of the Federal Trade Commission Act. LabMD had lost its challenge of the FTC’s underlying authority to issue such orders, but continued in its fight, ultimately challenging the wording of the FTC’s form order itself. And LabMD ultimately won in a landmark decision that can be found here.

Featured

Second Equifax Employee Charged with Insider Trading Following Data Breach

Laura K. Schwalbe, Esq.

July 3, 2018

Privacy and Data Security

On June 28, 2018 the Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) announced parallel criminal and civil charges against Sudhakar Reddy Bonthu, a former software development manager, for selling his shares of Equifax stock before Equifax publicly announced that it had suffered an immense data breach.

Featured

The Risk in Your (Unprivileged) Risk Assessment

F. Paul Greene, Esq.

June 26, 2018

Privacy and Data Security

As cybersecurity regulatory frameworks mature, the move has been toward risk-adjusted security requirements rather than prescriptive controls mandated by a legislature or administrative agency. This makes sense, of course, for two primary reasons.

Disclaimer