New York

Summary

Law: Please note that this State does not have a general privacy law in effect. You can visit the USA State Law Tracker to monitor the progress of US State bills.

Regulator: The New York State Attorney General ('AG')

Summary: Although New York has not adopted a comprehensive data protection law and does not recognize a constitutional or common law right of privacy, privacy is regulated statutorily through Article 5 of the Civil Rights Law.

Another important part of New York's legislation is the Stop Hacks and Improve Electronic Data Security Act (the SHIELD Act), which was signed into law in July 2019, before fully coming into effect on March 21, 2020. The SHIELD Act regulates data breach and data security matters in New York; it modified existing data breach requirements, established obligations regarding developing security programs, and expanded enforcement capabilities.

Regarding health care, New York has enacted a number of laws that apply to the privacy of health-related information, such as Part 29 of Chapter I of Title 8 of the New York Codes, Rules, and Regulations and the Social Services Law of the Consolidated Laws of New York.

New York's State Senate and Assembly have also tried to pass general privacy legislation, but such bills have not yet been successful.

You can follow legislative developments in the US through the USA State Law Tracker.

Insights

On June 20, 2024, two major bills were signed into law in New York - the Stop Addictive Feeds Exploitation (SAFE) Act (7694A) (the SAFE Act) and the New York Child Data Protection Act (7695B) (CDPA). This development follows a growing legislative trend across state governments to address children's personal information and concerns with social media platforms, although the new laws have their own unique attributes. Mark Francis and Annie Ziesing, from Holland & Knight LLP, discuss the laws, including their backgrounds, when they will apply, and how they'll be enforced.

When the New York Department of Financial Services (NYDFS) first promulgated its cybersecurity regulations in March 2017 (the Cybersecurity Regulations), these were widely considered the most prescriptive requirements imposed on financial institutions nationwide.1 The Cybersecurity Regulations aimed to address constantly evolving cyber threats and enhance the financial industry's cybersecurity practices to reflect the reality that the cybersecurity landscape is changing rapidly with the increased sophistication of threat actors, rising prevalence of cyberattacks (including ransomware), higher remediation costs, and the proliferation of cybersecurity solutions and tools.

Raising the bar even further, the NYDFS has chosen to enhance the Cybersecurity Regulations with recent updates announced on November 1, 2023. For those financial institutions subject to the NYDFS Cybersecurity Regulations, understanding the latest changes will be crucial to ensure compliance with these regulatory expectations in the coming years. Kim Phan and Edgar Vargas, from Troutman Pepper Hamilton Sanders LLP, highlight the recent amendments.

In this Insight article, Mark Francis and Sophie Kletzien, from Holland & Knight LLP, delve into New York City's pioneering regulations, making it the first US jurisdiction to govern artificial intelligence's (AI) role in employment decisions.

On 8 November 2021, New York Governor Kathy Hochul signed into law Senate Bill ('SB') 2628, which requires every private-sector employer to provide notice of its electronic monitoring practices to all employees upon hiring, with written or electronic employee acknowledgement, and, more generally, in a 'conspicuous place' viewable by all employees. The law took effect on 7 May 2022. Mark Francis and Sophie Kletzien, from Holland & Knight LLP, summarise the main provisions and implications of SB 2628, while drawing comparisons to other States' laws.

The New York City Council approved, on 10 November 2021, Bill Int 1894-2020 for a Local Law to amend the Administrative Code of the City of New York in relation to automated employment decision tools. Soon after, the bill was automatically enacted without a mayoral signature on 10 December 2021 and is due to take effect in 2023. In particular, the law regulates automated employment decision tools that score, classify, or otherwise make a recommendation that is used to substantially assist or replace the decision-making process of an individual. OneTrust DataGuidance gives an overview of the law, its scope, and main provisions, alongside comments provided by Jessica Lee and Bianca Lewis from Loeb & Loeb LLP.