Keypoint: The New York State Department of Financial Services (NYDFS) issued an industry letter outlining the threats posed to U.S. companies who hire remote technology workers linked to North Korea and may embezzle funds from their new employers.

On November 1, 2024, NYDFS issued guidance warning companies against an increasing risk posed from individuals applying for employment in IT roles who are in fact operating on behalf of North Korea. These applicants seek employment in order to infiltrate western companies’ computer systems and illicitly generate revenue for the North Korean regime.

Keypoint: Although New York lacks a consumer data privacy law, the New York Attorney General’s office has taken the position that New York’s consumer protection laws require entities to implement certain tracking technology practices.

In mid-July the New York Attorney General’s office published a Guide for Website Privacy Controls in which the office identifies “mistakes we found businesses making when deploying tracking technologies.” The guidance acknowledges that New York lacks a consumer data privacy law that regulates online tracking technologies, but takes the position that “New York’s consumer data protection laws . . . , which prohibit businesses from engaging in deceptive acts and practices, effectively require that websites’ representations concerning consumer privacy be truthful and not misleading.” According to the Attorney General, this “means that statements about when and how website visitors are tracked should be accurate, and privacy controls should work as described.”

In the below article, we provide a brief overview of the guidance and some key takeaways.

Keypoint: Assuming the bills become law and go into effect, operators of websites and online services that collect the personal data of minors and are subject to the bills will need to undertake several compliance activities.

On June 7, 2024, the New York legislature passed two bills directed at kids’ use of online technologies –

Keypoint: After a January hearing, New York City continues to consider comments to a new law regulating employers’ use of automated employment decision tools, with enforcement to begin “in the coming months.”

New York City moves closer to implementing Local Law 144, the first major U.S. law governing the use of AI employment technologies. On January 23, 2023, the New York City Department of Consumer and Worker Protection (DCWP), the agency charged with enforcing the law, held a second public hearing on the law’s proposed rules to address several ambiguities related to key definitions and the scope of the law. Within the past week, the DCWP published a transcript of the hearing and announced that it would finalize its rules and begin enforcement “in the coming months.”

Keypoint: Employers who use automated employment decision tools in New York City will receive additional guidance on complying with Local Law 144 before enforcement begins on April 15, 2023.

New York City employers who use automated employment decision tools (“AEDTs”) now have until April 15, 2023, to prepare for compliance with New York City Local Law 144 which regulates usage of such tools. The law was to go into effect on January 1, 2023.

In the below post, we provide a brief overview of the law and its current rulemaking process.

Keypoint: As of May 7, 2022, New York employers that monitor or intercept employee emails, internet usage, or telephone communications must provide written notice to those employees.

On May 7, 2022, an amendment to the New York Civil Rights Act goes into effect that requires private employers with places of business anywhere in the state to provide employees a written notice if the employer monitors or intercepts employee emails, internet access or usage, or telephone conversations. The written notice must communicate that “any and all telephone conversations or transmissions, electronic mail or transmissions, or internet access or usage by an employee by any electronic device or system . . . may be subject to monitoring at any and all times by any lawful means.”

Keypoint: This week the Colorado legislature passed the Colorado Privacy Act.

Below is our sixteenth weekly update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we need to make a few announcements.

This will be our last weekly update – for now. With the legislatures in so many states having adjourned for the year and the bills in the remaining states not moving forward, we will be pausing our weekly updates. Rest assured, we will be back when things heat up again.

Even though we are pausing our weekly updates, we are not slowing down our work on state consumer privacy legislation.

On June 15, we will be hosting a webinar on the Colorado Privacy Act. Click here to register.

Starting Monday, June 21, we will be releasing a limited podcast series with interviews of state lawmakers who spearheaded privacy legislation in 2021. If you want to know the inside story on how these bills are drafted and lobbied, you will not want to miss these interviews.

Finally, if you are not already subscribed to our blog, consider doing so to stay updated.

Keypoint: This week the Colorado legislature continued to advance the Colorado Privacy Act, and the Nevada Governor signed into law a bill that will broaden the state’s pre-existing right to opt out of sales as of October 1, 2021.

Below is our fifteenth weekly update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide two reminders.

First, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Keypoint: This week the Colorado Senate passed the Colorado Privacy Act, the Nevada legislature passed a bill to broaden the state’s pre-existing right to opt out of sales, and the New York Privacy Act advanced to a third reading in the Senate.

Below is our fourteenth weekly update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide two reminders.

First, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Keypoint: This week the Connecticut Senate Appropriations Committee and New York Consumer Protection Committee passed their bills, and the Nevada Assembly passed its bill, which would broaden Nevada’s pre-existing right to opt out of sales.

Below is our thirteenth weekly update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide two reminders.

First, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.