The New York State Attorney General’s office recently announced that
it had received approximately 1,300 data breach notifications in 2016,
a 60 percent increase over the previous year. The reported breaches resulted
in the unauthorized exposure of personal and financial information of
about 1.6 million New York State residents.
The Office of the Attorney General began collecting information regarding
the unauthorized exposure of personal data after New York’s General
Business Law section 899-aa was enacted in 2005. That statute generally
provides that parties conducting business in New York State that own or license computerized
data containing individuals’ “private information” must
disclose any breach to any New York State residents whose private information
was, or is reasonably believed to have been, acquired without valid authorization.
In addition, businesses that suffer such a breach must notify the Attorney
General and other agencies. Approximately 46 other states currently have
similar data breach notification laws.
Of the roughly 1,300 incidents reported,
hacking accounted for more than 40 percent of the data security breaches in 2016.
Employee negligence or malfeasance, including the inadvertent exposure of records, lost devices and intentional
wrongdoing, constituted another approximately 37 percent of these breaches.
The most frequently acquired information in 2016 was Social Security numbers,
financial account information, driver’s license numbers, dates of
birth and password/account information.
No organization is immune from the risk of data breaches, which can expose
firms to numerous legal obligations and may result in significant liabilities.
Therefore, businesses of all sizes must guard against common causes of
data breaches, such as hacking and employee acts or omissions, by:
- creating and implementing a data breach incident response plan,
- evaluating existing systems and vendor agreements to identify vulnerabilities,
- assessing the need for cyber insurance,
- frequently educating employees on cyber risks, and
- promptly investigating and remediating breaches.
For more information regarding the topic, contact
Michael Riela at
email@example.com or at
212.508.6773. Visit us at www. thsh.com to learn more about Tannenbaum Helpern’s
Cybersecurity and Data Privacy practice.
About Tannenbaum Helpern Syracuse & Hirschtritt LLP
Since 1978, Tannenbaum Helpern Syracuse & Hirschtritt LLP has combined
a powerful mix of insight, creativity, industry knowledge, senior talent
and transaction expertise to successfully guide clients through periods
of challenge and opportunity. Our mission is to deliver the highest quality
legal services in a practical and efficient manner, bringing to bear the
judgment, common sense and expertise of well trained, business minded
lawyers. Through our commitment to service and successful results, Tannenbaum
Helpern continues to earn the loyalty of our clients and a reputation
for excellence. For more information, visit www.thsh.com. Follow us on
LinkedIn and Twitter: @THSHLAW.