Cybersecurity Update: Takeaways from the New York OAG’s April 2023 Report

The Office of the New York State Attorney General (OAG) recently issued a report on “Protecting consumers personal information – Tips for businesses to keep data safe and secure.” According to Attorney General James, the guidance is “intended to help companies strengthen their data security” and to put them “on notice that they must take their data security obligations seriously, and at a minimum, take the reasonable steps outlined in this report.”

Topics to Include:

1.   The cybersecurity obligations set out in the New York State SHIELD Act;

2.   Highlights of the report, including recommendations on multifactor authentication and encryption;

3.   The OAG's view of the obligations of companies that provide customer information to service providers;

4.   Guidance regarding providing notice to consumers following a breach (5 minutes)

5.   What “credential stuffing attacks” are and steps companies should take to prevent them;

6.   Attorneys’ ethical duty of technological competence;

7.   Considerations when advising your clients and/or company on its cybersecurity policies and procedures in light of the report;

Speakers

Gail Gottehrer, Law Office of Gail Gottehrer LLC

Ronald J. Hedges, Ronald Hedges, LLC