New York AG Remains Active On The Data Security Enforcement Front

In yet another example of its focus on imposing greater data security accountability, the New York Attorney General (“NYAG”) recently announced a significant settlement with Marymount Manhattan College (“the College”). The settlement stems from a data breach to which the College was subject in 2021. Following an investigation, which, according to the NYAG, revealed inadequacies in the College’s data security program, the NYAG secured a commitment from the College to invest $3.5 million over the next six years to bolster that program. Specifically, the College committed to:

maintaining a comprehensive information security program that includes regular updates to keep pace with changes in technology and security threats;

encrypting all personal information, whether stored or transmitted, between documents, databases, or elsewhere;

maintaining reasonable policies to perform security updates and patch management;

enabling multifactor authentication for users logging into the College’s networks;

scanning for vulnerabilities and potential weaknesses; and

publicly sharing the College’s plans for collecting, retaining, and deleting personal information.

In its press release announcing the settlement, the NYAG made a point of highlighting some of its other recent six- and seven-figure settlements with organizations that have experienced data breaches, including organizations in the sportswear, healthcare, clothing, supermarket, and e-commerce spaces. The NYAG also referenced the data security guidance it issued in April 2023, which we discussed here, outlining safeguards the NYAG views as high-priority, including access controls, encryption of sensitive information, service provider vetting and contracting, data mapping, and incident response planning.

Given the NYAG’s heightened enforcement posture over the past couple of years, as well as the recent bolstering of the New York Department of Financial Service’s cybersecurity regulations, which we discussed here, organizations that process personal information relating to New York residents face increased pressure to continuously assess the adequacy of their data security programs and to make timely upgrades.

Our Privacy, Data & Cybersecurity group will continue to track these developments.

Reach Out

Don’t hesitate to reach out to us to discuss your specific needs. Our team is ready and eager to provide you with tailored solutions that align with your firm’s goals and enhance your digital marketing efforts. We look forward to helping you grow your law practice online.

Our Services:

Blog Post Writing

We do well-researched, timely, and engaging blog posts that resonate with your clientele, positioning you as a thought leader in your domain. Content Writing: Beyond blogs, we delve into comprehensive content pieces like eBooks, whitepapers, and case studies, tailored to showcase your expertise.

Website Content Writing

First impressions matter. Our content ensures your website reflects the professionalism, dedication, and expertise you bring to the table.

Social Media Management

In today’s interconnected world, your online presence extends to social platforms. We help you navigate this terrain, ensuring your voice is consistently represented and heard.

WordPress Website Maintenance

Your digital office should be as polished and functional as your physical one. We ensure your WordPress site remains updated, secure, and user-friendly.

For more information, ad placements in our attorney blog network, article requests, social media management, or listings on our top 10 attorney sites, reach out to us at seoattorneyservices@gmail.com.

Warm regards,