New York Governor Andrew Cuomo recently announced his proposal for a comprehensive data security law that will “provide New Yorkers with transparency and control over their personal data and provide new privacy protections.” The proposal also would establish a Consumer Data Privacy Bill of Rights that would guarantee “the right to access, control, and erase the data collected from them; the right to nondiscrimination from providers for exercising these rights; and the right to equal access to services.”
According to the state of New York’s website announcing the initiative, the proposal also “expressly protects sensitive categories of information including health, biometric and location data and creates strong enforcement mechanisms to hold covered entities accountable for the illegal use of consumer data. New York State will work with other states to ensure competition and innovation in the digital marketplace by promoting coordination and consistency among their regulatory policies.”
This proposal is promising and, if passed, it would mean that New York would join California in enacting a comprehensive consumer privacy law. We will follow the proposal closely to see if this new proposal will add to New York’s Stop Hacks and Improve Electronic Data Security Act (the SHIELD Act), which passed in 2017 and established cybersecurity regulations for the financial services industry.
Canon U.S.A. Inc. (Canon) was hit with a class action lawsuit in the U.S. District Court for the Eastern District of New York this week for the ransomware attack that exposed current and former employees’ personal information in November 2020. The plaintiffs reside in Ohio, New York, Florida and Illinois, and allege that Canon was negligent in protecting employee data and violated state trade practice laws by failing to guard against such an attack. The plaintiffs further allege that Canon failed to notify the affected individuals in a timely manner.
The attack on Cannon occurred in August 2020 and affected current and former employees from 2005 to 2020, as well as their beneficiaries and dependents. The information affected included Social Security numbers, driver’s license numbers, financial account numbers, electronic signatures, and dates of birth. The plaintiffs are seeking certification of a nationwide class.
On December 18, seven states have entered into a settlement agreement with e-retailer Cafe-Press for $2 million stemming from a 2019 data breach that exposed information of approximately 22 million consumers. The breach affected consumers’ personal information, including usernames and passwords, Social Security numbers and/or Taxpayer Identification numbers.
Of the $2 million, $750,000 will be an immediate payment divided among the states: New Jersey, New York, Connecticut, Indiana, Kentucky, Michigan and Oregon.
According to the settlement agreement, if CafePress improves its data privacy practices, the states have agreed to suspend the balance of the settlement. Those improvements include implementing a comprehensive cybersecurity program that is updated and assessed regularly, a data breach notification plan (including preparation, detection, analysis, containment, eradication and recovery), as well as other safeguards like encryption, segmentation and penetration testing. CafePress must also update its disclosures to consumers including information on account closure and data deletion. The company must also have a third-party risk assessment for the next five years.
If you live within a one and a half-mile radius of the east side of the Walmart store in El Paso, Texas in a single-family home, within a one-mile radius of the North Las Vegas Walmart store in a single-family home, or within a one-mile radius of the Cheektowaga, New York Walmart store, then you are eligible to take part in the COVID-19 testing delivery-by-drone pilot program. It works like this: A drone drops off a testing kit with a self-administered nasal swab; the patient then ships the sample to Quest Diagnostics using a pre-paid shipping envelope. The results are provided to the patient online.
With the rising number of COVID-19 cases in these areas, the hope is to provide more testing and accessibility.
This program is available only while the supplies last. It is offered Monday through Saturday from 9:30 a.m. to 4:30 p.m. and Sunday from 10 a.m. to 4:30 p.m. This is yet another example of drones potentially increasing efficiency and improving accessibly for health care.