Cybersecurity: NY Attorney General James Secures $1.9 Million Settlement from Zoetop
On October 12, 2022, New York Attorney General Letitia James released a statement announcing that her office had secured a $1.9 million settlement from Zoetop Business Company, a global online fashion retailer that owns SHEIN and ROMWE. The settlement results from the company’s alleged failure to handle a data breach that jeopardized the personal information of its customers.
In 2018, Zoetop was the victim of a cybersecurity attack in which hackers stole the payment information and personal data of 39 million SHEIN accounts and 7 million ROMWE accounts, 800,000 of which belong to New York residents. According to an investigation conducted by the Office of the Attorney General (OAG), the company, although aware of the situation, downplayed the incident and failed to take proper steps to protect its customers’ accounts before and after the data breach. For the “vast majority” of SHEIN accounts impacted in the breach, Zoetop “failed to even alert those customers that their login credentials had been stolen.”
In addition to the settlement amount, the fashion retailer needs to maintain a comprehensive information security program that documents specific security measures and controls. The company also must appoint a qualified employee to oversee the information security program and offer identity protection services to customers at no charge.
Regulation: White House Office of Science and Technology Policy Released AI Bill of Rights
The White House Office of Science and Technology Policy (OSTP) published a set of guidelines for companies to abide by when using and implementing artificial intelligence. Although the guidelines are not binding, the OSTP expects that the Blueprint for an AI Bill of Rights will influence tech companies to focus on protecting the privacy of consumers, which includes disclosing why and how an automated system is used.
The released blueprint provides five principles:
- Safe and Effective Systems
- Algorithmic Discrimination Protections
- Data Privacy
- Notice and Explanation
- Human Alternatives, Consideration & Fallback
The principles are designed to be woven into system development to ensure safety and transparency, while also reducing the potential for algorithmic discrimination.
Events: Retain, or destroy (data)? That is the question!
ILTA will hold a webinar about data retention on October 25, 2022, from 8:00 am to 9:00 am PST. The online event will be led by Chris Giles and Kandace Donovan, and topics will include managing data on different platforms as well as policy collaboration and compliance across the organization. You can register here.
Learn about what we do. InfiniGlobe is a consulting and software company that specializes in helping corporate legal departments and law firms. Reach out to us at info@InfiniGlobe.com or at (833) LGL-TECH.