On May 24, 2018, the President signed the Economic Growth, Regulatory Relief, and Consumer Protection Act (the “Act”) into law, adding new Fair Credit Reporting Act (“FCRA”) required notices. The changes primarily impact consumer reporting agencies (“CRAs”) rather than employers, but one change adds a new required notice whenever a Summary of Consumer Rights is required by the FCRA’s Section 609.
New Suit by Delta Reminds Everyone About the Importance of Data Security Protection in the Context of Third-Party Service Provider Relationships
This fall, I have the pleasure of teaching a course on Information Security Policy and Law at the Rochester Institute of Technology Golisano College of Computing and Information Sciences. When I was asked to teach, I welcomed the opportunity, because the course is directed at graduate level cybersecurity students, who don’t often get exposure to the legal and regulatory side of the cybersecurity equation.
Just in time for the holiday weekend, the New York State Department of Financial Services released the updated 2019 Paid Family Leave (PFL) premium rates.
As discussed in our May 18, 2018 LEGALcurrents®, on April 12, 2018 Governor Andrew Cuomo signed the New York State Budget, which included new requirements to address workplace sexual harassment. Under the new rules, by October 9, 2018 all New York employers (regardless of size) are required to either adopt the State’s model anti-harassment policy and training or adopt a policy and implement a training program that meets New York standards.
In an interesting IAPP article, Kelce Wilson, InfraGard General Counsel, describes how bad actors without any hacking expertise can potentially inject themselves into the middle of a data breach notification effort and engage in widespread identity theft. The other unanticipated consequence of data breach notification is this: with the trend toward public disclosure of data breach notification letters and statistics, more and more information is in the public domain about the types of data our organizations collect and whether or not we encrypt that data. Case in point, Massachusetts, where yearly Data Breach Notification Reports are available on-line. The 2018 Report shows data breaches reported to Massachusetts authorities this year.