Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Media
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Nonprofit Organizations
    • Real Estate
    • Sports & Stadiums
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Articles
    4. Don't forget physical safeguards for data privacy when returning to in-person work

      Articles

    Article

    Don't forget physical safeguards for data privacy when returning to in-person work

    June 24, 2021

    LinkedInX (Twitter)EmailCopy URL

    By Christopher Mason

    Returning to an in-person work environment can present challenges that suddenly seem as novel as complying with a new 2021 law. So as business come back to fuller in-person operation after COVID-19, we are reminding those with bricks-and-mortar operations to make sure that they re-engage with the in-person elements of their data breach protection policies.

    We have been reminding New York businesses that, on July 9, 2021, New York City’s new biometric privacy law goes into effect and restricts the collection and use of biometric information by “commercial establishments” in the City. For more information, see our recent blog post.

    But even returning to an in-person work environment can present challenges that suddenly seem as novel as complying with a new 2021 law. So as business comes back to fuller in-person operation after COVID-19, we are reminding those with bricks-and-mortar operations to make sure that they re-engage with the in-person elements of their data breach protection policies. For example, the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act’s data security requirements became effective (on March 21, 2020) almost precisely when COVID-19 lockdowns began. See N.Y. Gen. Bus. L. § 899-aa. Under the SHIELD Act, businesses—whether they are physically in New York or not—must protect their computerized “private information” about New York residents (such as account numbers, biometric information, credit and debit card numbers, driver’s license numbers, access codes, user names, e-mail addresses, passwords, and security questions and answers) from unauthorized access, not just theft.

    Companies that comply with the Gramm-Leach-Bliley Act, HIPAA, HITECH, or the New York Cybersecurity Requirements for Financial Services will typically satisfy the SHIELD Act, and are less likely to need this reminder. But others—even those which have lighter compliance burdens under the SHIELD Act because they have fewer than 50 employees and less than $3 million in annual revenue—may need a refresher. So do not forget that the law requires that you maintain reasonable physical safeguards as well as administrative and technical safeguards for private information. For example, it may be possible in a work-from-home environment (depending on where and with whom an employee lives, of course) to consider a laptop turned off and left on a kitchen table secure when an employee locks his or her front door and goes out. But in an office or retail environment, or traveling to and from such locations, physical security needs can be quite different. Do not forget to review them, train for them, and monitor them. (And also remember that the SHIELD Act has some important documentation requirements, including potential reporting to the New York Attorney General in certain instances, with penalties of up to $250,000 for noncompliance.)

    Practices

    Biometric Information Privacy Act (BIPA)Cybersecurity & PrivacyHealth Information - Privacy, Security & Data Sharing
    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Cookie Preferences
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Purchase Order Terms & Conditions
    • Nixon Peabody International LLC
    • PAL
    © 2025 Nixon Peabody. All rights reserved