Legislation

New Notification Requirements in New York for Healthcare Providers Facing a Cybersecurity Incident

Frank J. Fanshawe, Joseph J. Lazzarotti, Jason C. Gavejian and Maya Atrakchi of JacksonLewis write: On August 12, Mahesh Nattanmai, New York’s Chief Health Information Officer, issued a notice letter (“the notice”) on behalf of the New York State Department of Health (“Department”) requiring healthcare providers to use a new notification protocol for informing...

Delaware Signs Insurance Data Security Act into Law

Joshua Mooney of White & Williams writes: On July 31, 2019, Governor Carney signed the Delaware Insurance Data Security Act (formerly, HB 174) into law. Based on the National Association Of Insurance Commissioners (NAIC) Insurance Data Security Model Law, the Delaware law establishes a regulatory framework requiring insurers licensed to do business in Delaware...

New York Becomes Fifth State to Define a Breach to Include “Access” to Information

Daniel De Zayas, a legal intern at ZwillGen, writes: New York has updated its breach notification and data security law, expanding the definition of a data breach and imposing detailed reasonable security requirements, among other changes. The amendment also adds a number of new data elements to the definition of “private information.” On July...

NY: Governor signs bills to help prevent data breaches

Marian Hetherly and AP report: New York State is strengthening a law requiring companies that handle consumers’ personal data to notify them about any data breaches. Gov. Andrew Cuomo on Thursday signed legislation that expands the law to cover any company holding personal data belonging to a New Yorker, and not just companies doing...