CoronavirusDigital Transformation in the Time of COVID-19

Digital Transformation in the Time of COVID-19

In response to the COVID-19 pandemic, businesses around the globe have made a major pivot to online or virtual operations, hitting fast forward on digital transformations that usually take time and careful planning. Everything from university classes to corporate board meetings to wine tasting at your local bar have jumped online, opening a whole new world of possibilities—and potential data security and privacy risks that should not be overlooked. With privacy and data security concerns more important than ever before, it is important to remember that even emergency digital transformations must use a “measure twice cut once” strategy that factors in Privacy by Design at the outset.

Why Privacy Considerations Can’t Wait Until Later

In the rush to move business online, it may seem like a necessity to gloss over privacy risks and deal with them later. However this approach is inefficient at best and can be disastrous if there’s a security breach. Digital transformation has to start without an intentional focus on data protection and a solid understanding of the regulatory landscape.

This understanding is becoming increasingly important as privacy laws like the GDPR and CCPA, along with a host of new regulations on the horizon, highlight Privacy by Design principles in their consumer privacy guidelines. That means in many cases, putting consumer privacy first isn’t just good business—it’s a legal requirement. In fact, article 25 of the GDPR demands that organizations practice “privacy by design and by default,” meaning organizations must integrate data protection up front in any design or business practice and maintain those protections throughout the data lifecycle.

How to Make Privacy a Cornerstone of Digital Transformation

A good digital transformation strategy will define goals, identify appropriate technologies, establish leadership and educate staff on the new technologies and protocols. But each of those steps should be driven by data privacy and security considerations.

Therefore even if the digital transformation needs to happen quickly, it’s critical to make sure privacy is the cornerstone of the plan. At Beckage our experienced team of attorneys can work with you to assess potential privacy pitfalls and blind spots, especially in this ever-shifting legal landscape. Beckage attorneys provide on-site and around-the-clock counsel to clients on data protection and information security practices required under state or federal law, for example, or advise on security risks and responsibilities. Taking the time to employ Privacy by Design is an upfront investment that will help ensure your digital transformation strategy is built on solid ground.

*Attorney Advertising. Prior results do not guarantee future outcomes.

Subscribe to our newsletter.

Important Privacy Developments in New York State

Important Privacy Developments in New York State

**Alert Update: The SHIELD Act has been signed into law, and is effective in New York State on March 22, 2020.

As always, Beckage lawyers are available to assist in addressing any questions you may have regarding data security developments. Please feel free to contact us.

There are two important privacy developments in New York State that companies should take note of: the Stop Hacks and Improve Electronic Data Security (SHIELD) Act and the New York Privacy Act (NYS5642).  If passed, these pieces of legislation will impose more stringent data security requirements on companies that collect information from New York residents.

1.       THE SHIELD ACT

Passed by the State’s legislature, the SHIELD Act updates New York’s general business law (GBL 899-aa) governing notification requirements, consumer data protection obligations, and broadens the Attorney General’s oversight regarding data breaches impacting New Yorkers.

Specifically, the Act purports to:

  • Expand the scope of information subject to the current data breach notification law to include biometric information, email addresses, and corresponding passwords or security questions and answers;  
  • Broaden the definition of a data breach to include unauthorized “access” to private information from the current “acquired” standard;
  • Apply the notification requirement to any person or entity with private information of a New York resident, not just to those that conduct business in New York State;  
  • Update the notification procedures companies and state entities must follow when there has been a breach of private information; and
  • Create reasonable data security requirements tailored to the size of a business.

STATUS

Passed by the legislature, awaiting signature by the Governor. Additionally, amendments to the Act are currently pending. 

**Alert Update: The SHIELD Act has been signed into law, and is effective in New York State on March 22, 2020.

2.       THE NEW YORK PRIVACY ACT (NYS5642)

This bill, which has passed the Senate, was proposed by State Senator Thomas and is currently pending before the Senate Consumer Protection Committee. It has been compared to the General Data Protection Regulation and California Consumer Protection Act but differs in certain respects. Among other things, it purports to apply to most entities doing business in New York State, and includes those businesses outside the state that produce products or services targeted to NYS residents. Unlike the CCPA, there is no monetary or revenue threshold that must first be met to be included in the Act’s jurisdictional scope. 

This Act governs (and in some instances, limits) the collection and use of personal data by those entities. It requires consent, provides for certain data subject rights (correction, deletion), and includes a private right of action against companies processing jurisdictional PD. The bill does purport to exempt from its reach data sets governed by HIPPA/HITECH.

STATUS

Pending in Senate Consumer Protection Committee.  

PREDICTION

This bill is likely to pass the Senate.  However, as there is no same-as bill in the Assembly, the bill likely will not be passed this session. That said, it is a priority bill for Sen. Thomas and we expect more pressure next year to pass it.

Beckage PLLC continues to monitor privacy bills and regulations pending in New York State, including:

  • Proposed NYS Biometric Privacy Act;
  • Department of Financial Services regulations impacting credit reporting agencies;
  • New York Department of State Emergency Regulations on Identify Theft prevention and mitigation;
  • Proposed legislation relating to the New York State Cyber Security Advisory Board, a Cyber Security Action Plan for the State, and Periodic Cyber Security Reports.

Have questions? Our team at Beckage is uniquely positioned to advise on emerging privacy laws at both the state and national level. Contact us today for a consultation.

*Attorney Advertising: Prior results do not guarantee a similar outcome.