New York

Summary

Law: Please note this State does not have a general privacy law in effect, you can visit USA State Law Tracker to monitor the progress of US State bills.

Regulator: The New York State Attorney General ('AG')

Summary: Although New York does not recognise a constitutional or common law right of privacy, privacy is regulated statutorily through the Civil Rights Law. Another important part on New York's legislation is the Stop Hacks and Improve Electronic Data Security Act ('the SHIELD Act'). It was signed into law in July 2019 before fully coming into effect on 21 March 2020, and regulates data breach and data security matters in New York. The SHIELD Act modified existing data breach requirements, established obligations regarding developing security programs, and expanded enforcement capabilities. New York’s State Senate and Assembly have also tried to pass general privacy legislation, but such bills have not yet been successful.

Browse more content in New York

All Guidance Notes

All News

All Insights

News

08 April 2024

New York: State Bar Association Task Force on AI publishes report and recommendations

27 March 2024

New York: Bill requiring advertisements to disclose synthetic data referred to Assembly Committee

15 March 2024

New York: Bill prohibiting mandatory iris and retina scanning of employees referred to Senate Committee

15 March 2024

New York: Bill restricting electronic monitoring and automated employment decision tools referred to Committee

23 February 2024

New York: Companion bill to AI bill of rights referred to Committee

20 February 2024

Florida: Bill concerning the sale of a deceased human body's biometric data introduced to State Senate

20 February 2024

New York: Bill on data privacy and abortion referred to Internet and Technology Committee

20 February 2024

New York: Bill on health information privacy referred to Science and Technology Committee

20 February 2024

New York: Bill on biometric privacy act referred to Consumer Affairs and Protection Committee

20 February 2024

New York: Bill on age verification on social media platforms referred to Internet and Technology Committee

20 February 2024

New York: Bill on child data privacy referred to Science and Technology Committee

20 February 2024

New York: Bill providing for private right of action on deepfakes referred to Committee

Insights

February 2024

New York: NYDFS further enhances its cybersecurity regulations

When the New York Department of Financial Services (NYDFS) first promulgated its cybersecurity regulations in March 2017 (the Cybersecurity Regulations), these were widely considered the most prescriptive requirements imposed on financial institutions nationwide.¹ The Cybersecurity Regulations aimed to address constantly evolving cyber threats and enhance the financial industry's cybersecurity practices to reflect the reality that the cybersecurity landscape is changing rapidly with the increased sophistication of threat actors, rising prevalence of cyberattacks (including ransomware), higher remediation costs, and the proliferation of cybersecurity solutions and tools.

Moving the bar even further, the NYDFS has chosen to further enhance the Cybersecurity Regulations with recent updates announced on November 1, 2023. For those financial institutions subject to the NYDFS Cybersecurity Regulations, understanding the latest changes will be crucial to ensure compliance with these regulatory expectations in the coming years. Kim Phan and Edgar Vargas, from Troutman Pepper Hamilton Sanders LLP, highlight the recent amendments.

August 2023

New York: Paving the way for regulation of AI technology in the workforce

In this Insight article, Mark Francis and Sophie Kletzien, from Holland & Knight LLP, delve into New York City's pioneering regulations, making it the first US jurisdiction to govern artificial intelligence's (AI) role in employment decisions.

June 2022

New York: NYDFS Cybersecurity Regulation

May 2022

New York: New law establishes employer requirements for notice of electronic monitoring

On 8 November 2021, New York Governor Kathy Hochul signed into law Senate Bill ('SB') 2628, which requires every private-sector employer to provide notice of its electronic monitoring practices to all employees upon hiring, with written or electronic employee acknowledgement, and, more generally, in a 'conspicuous place' viewable by all employees. Since then, the law has taken effect on 7 May 2022. Mark Francis and Sophie Kletzien, from Holland & Knight LLP, summarise the main provisions and implications of SB 2628, while drawing comparisons to other States' laws.

December 2021

New York: Overview of the automated employment decision tools law

The New York City Council approved, on 10 November 2021, Bill Int 1894-2020 for a Local Law to amend the Administrative Code of the City of New York in relation to automated employment decision tools. Soon after, the bill was automatically enacted without a mayoral signature on 10 December 2021 and is due to take effect in 2023. In particular, the law regulates automated employment decision tools which score, classify, or otherwise make a recommendation, that is used to substantially assist or replace the decision-making process of an individual. OneTrust DataGuidance gives an overview of the law, its scope, and main provisions, alongside comments provided by Jessica Lee and Bianca Lewis from Loeb & Loeb LLP.

December 2021

New York: Data Protection in the Financial Sector

May 2021

New York

Summary

Browse more content in New York

News

Insights

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us