Morrison Foerster is an international law firm with lawyers practicing throughout the United States, Asia, and Europe. Click to discover more.

mofo_share_image.jpg

Morrison Foerster

common-default.jpeg

Terms / Notices

Cookies

Privacy Policy

Reporting Hotline

Attorney Advertising

Alumni

  Linkedin

MoFo LinkedIN

  Facebook

MoFo Facebook

YouTube

MoFo Youtube

Morrison Foerster - Footer

New York Tightens the Breach Clock: 30 Days to Notify

You have not solved the recaptcha challenge yet or session expired, try again.

Email Disclaimer

Disclaimer

Unsolicited e-mails and information sent to Morrison Foerster will not be considered confidential, may be disclosed to others pursuant to our <a href="https://www.mofo.com/about/privacy-policy.html">Privacy Policy</a>, may not receive a response, and do not create an attorney-client relationship with Morrison Foerster. If you are not already a client of Morrison Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.

Feedback

mofo-logo-2022.svg

People

Capabilities

Resources

About

Culture

Offices

Careers

Stay Connected

Melissa Crespo and Reiley Porter wrote this article for Corporate Compliance Insights about recent amendments to New York's data...

We are Morrison Foerster — a global firm of exceptional credentials. Our clients include some of the largest financial institutions, investment banks, and Fortune 100, technology, and life sciences companies. Our lawyers are committed to achieving innovative and business-minded results for our clients, while preserving the differences that make us stronger.Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Prior results do not guarantee a similar outcome.

About Morrison Foerster

people-default-header-desktop.jpg

people-default-header-mobile.jpg

Default Meta Data

Melissa Crespo and Reiley Porter wrote this article for Corporate Compliance Insights about recent amendments to New York's data breach notification law, which imposed a 30-day notification requirement and expanded the definition of protected information to include medical and health insurance data. Effective December 21, 2024, businesses must notify affected New York residents within 30 days of discovering a breach, aligning with a national trend towards stricter notification timelines. Additionally, DFS-regulated entities must notify the New York Department of Financial Services, alongside other state regulators, of any breaches. The amendments reflect a broader shift across states towards more comprehensive definitions of personal information and expedited breach notification requirements.Read the <a href="https://www.corporatecomplianceinsights.com/new-york-tightens-breach-clock/" target="_blank">full article</a>.

New York Tightens the Breach Clock: 30 Days to Notify

Sign Up

Melissa Crespo helps clients navigate a wide range of challenging privacy compliance and data security matters with a focus on the health information and the health care sector. She regularly helps clients develop and implement privacy compliance programs and advises companies on managing risk in connection with cutting-edge technologies and data initiatives.Melissa has particular experience in advising clients on compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other laws governing the collection and use of medical and health information.Melissa regularly counsels clients responding to data breaches and security incidents. She has successfully defended clients in numerous regulatory inquiries regarding data security practices, including investigations by the Federal Trade Commission, the U.S. Department of Health and Human Services, state attorneys general, and foreign regulators following data security incidents.Melissa also advises multinational companies on the privacy and data security aspects of their M&A transactions and has experience drafting and negotiating tailored privacy and data security contract provisions.In 2019, 2020, and 2021, The Legal 500 US recognized Melissa as a “Rising Star” in the area of cyber law, data privacy, and data protection. In 2016, she was shortlisted for the “Future Leader – Gender Diversity” award at the inaugural Chambers USA Diversity Awards. Melissa was a 2015 recipient of the Burton Award for Legal Achievement, which honors excellence in legal writing.Melissa earned her J.D., cum laude, from Howard University School of Law.

Melissa Crespo

Partner

Reiley Porter is an associate in the in the firm’s Privacy + Data Security and National Security practice groups. She is based in the firm’s Washington, D.C. office.Reiley’s practice focuses on advising clients on significant cybersecurity incidents and other sensitive matters relating to U.S. domestic and international cybercrime, national security, and crisis management, including matters that involve multijurisdictional investigations and significant media attention. Reiley has substantial experience managing third-party forensic and internal investigations, e-discovery efforts, and communications both with relevant regulatory agencies and impacted stakeholders.She has successfully defended clients in numerous regulatory inquiries regarding data security practices, including investigations by state attorneys general and international regulators following data security incidents. Reiley also has considerable experience advising clients on the sanctions regulations of the U.S. Department of the Treasury’s Office of Foreign Assets Control, particularly sanctions programs related to Russia and Iran.Reiley maintains a robust pro bono practice with a focus on national security and cybersecurity. Among her past pro bono experience, Reiley was a key member of a team providing urgent sanctions advice in response to Russia’s invasion of Ukraine and supported a team defending the civil rights of Georgia voters related to Georgia’s adoption of an unreliable election system.Reiley received her J.D. from Harvard Law School, where she was a student advocate in the Cyberlaw Clinic and a citations manager and editor for the Journal of Law & Technology. She has particular experience advising on and writing about issues at the intersection of law and technology. While in law school, Reiley also worked at the Federal Communications Commission in the Office of General Counsel. Before law school, Reiley graduated magna cum laude with a B.S. in computer science from the University of Nevada, Las Vegas, and worked in a National Science Foundation-funded research lab developing the Quorum programming language, an evidence-oriented language developed with accessibility in mind.