On December 22, 2021, Governor Hochul signed a Bill[i] directing “the department of financial services, in consultation with the department of health to prepare a report with recommendations on their review of covered benefits related to childbirth offered by all health insurance providers in New York state.”[ii]  The purpose of the Bill is: “[t]o uncover hidden costs related to childbirth, shine a light on disparities in rates negotiated by insurers covering the birth, and determine if Statewide standards should be adopted.”[iii]

Pursuant to the Bill, the Department of Financial Services, in cooperation with the Department of Health, is to conduct a review of the benefits related to childbirth and “must include an examination of length of stay periods, costs incurred by patients and reimbursed to providers, and additional benefits offered, or not.”[iv]

Senator Julia Salazar in addressing this Bill stated that: “People expecting a child face many unknowns, which often cause anxiety and uncertainty. One of these is the difficulty many face in ascertaining the costs they will incur for labor and delivery. This bill alleviates that concern by requiring the Department of Financial Services to study and report on the coverage actually provided by insurance companies in New York for these services.”[v]

Assemblymember Chantel Jackson in discussing the Bill stated that:  Maternal Health has been of critical importance across the nation and here in New York State, as more needs to be done to close the gap in maternal mortality among women of color.  Race, poverty and discrimination still play a role in the maternal care and delivery options available and afforded to women of color.  This legislation will focus on creating a study that will shed a light and better understanding on the current insurance benefits and coverage related to childbirth. This legislation will help identify and address the areas where insurance coverage standards must be revised to better serve the maternal health needs of expectant mothers before, during and after delivery.”

The report and recommendations will be used to “determine if state-wide standards should be adopted in addition to taking measure of how the State already fulfills requirements set by the Federal ACA [Affordable Care Act].”[vi]

For further information, please contact Christopher E. Vatter at cvatter@jaspanllp.com or Samantha M. Guido at sguido@jaspanllp.com.

[i] https://www.nysenate.gov/legislation/bills/2021/s4827

[ii] Id.

[iii] Id.

[iv] Id.

[v] https://www.governor.ny.gov/news/governor-hochul-signs-legislation-addressing-labor-and-healthcare-inequalities-women

[vi] https://www.nysenate.gov/legislation/bills/2021/s4827

One of the many unspoken issues facing homeless women is access to feminine hygiene products.  Governor Hochul, recognizing this issue, signed legislation on December 22, 2021, amending Social Services Law by adding a new section 152-c[i], which requires that feminine hygiene products be provided at no cost to menstruating individuals in homeless shelters.  The products include, but not limited to, sanitary napkins, tampons and panty liners.”[ii]  “This bill will provide feminine hygiene products at no cost to adults and children in shelters throughout New York State.”[iii] “Menstrual products can be unaffordable for those already struggling. This bill provides these products free of charge so those living in homeless shelters do not have to resort to using unsafe alternatives that can result in serious infection.”[iv] Senator Michelle Hinchey, who sponsored Senate Bill S6572, stated: “Access to menstrual supplies is a fundamental health necessity, and yet in almost every community across our state, there are people who cannot afford period products – a dilemma that no one should ever have to face.”[v] Assemblymember Linda B. Rosenthal echoed this sentiment and stated that woman should not be forced between deciding whether to buy food or menstrual products.[vi] This legislation is a small step in ensuring that women are treated fairly.

It is important that issues specific to women are brought to light and that women are treated equally and fairly. For further information, please contact Christopher E. Vatter at cvatter@jaspanllp.com or Samantha M. Guido at sguido@jaspanllp.com.

[i] Senate Bill S6572/A.529-A.

[ii] Id. at “Summary”.

[iii] Id. at “Purpose”.


[v] Id.

[vi] Id.

Jaspan Schlesinger is proud to celebrate Women’s History Month. March is designated Women’s History Month by Presidential proclamation.[i] “Every March, Women’s History Month provides an opportunity to honor the generations of trailblazing women and girls who have built our Nation, shaped our progress, and strengthened our character as a people.”[ii]

“Women’s History Month had its origins as a national celebration in 1981 when Congress passed Pub. L. 97-28 which authorized and requested the President to proclaim the week beginning March 7, 1982 as ‘Women’s History Week.”’[iii]   In 1987, “Congress passed Pub. L. 100-9 which designated the month of March 1987 as ‘Women’s History Month.’ Between 1988 and 1994, Congress passed additional resolutions requesting and authorizing the President to proclaim March of each year as Women’s History Month.”[iv]  These proclamations celebrate the contributions women have made to the United States and recognize the specific achievements women have made over the course of American history in a variety of fields.[v]

President Biden, in issuing this year’s Proclamation, stated that: “[t]his Women’s History Month, as we reflect on the achievements of women and girls across the centuries and pay tribute to the pioneers who paved the way, let us recommit to the fight and help realize the deeply American vision of a more equal society where every person has a shot at pursuing the American dream.  In doing so, we will advance economic growth, our health and safety, and the security of our Nation and the world.”[vi]

Governor Hochul in signing legislature addressing women’s issues stated: “New York must continue to break down barriers for women and fight inequality throughout our state.”[vii] “These laws will address a variety of important issues, supporting STEM [ Science, Technology, Engineering, and Mathematics fields] careers and helping to ensure equity and access in women’s health.”[viii]

Despite progress being made, women still face obstacles in many endeavors and further progress is needed to ensure that women have the same opportunities as men and are treated equally. Jaspan Schlesinger proudly joins the Nation in recognizing March as Women’s History Month.  As we recognize Women’s History Month, we will be updating our blog with relevant and timely information and resources regarding laws which address and highlight women’s issues.

[i] Pub. L. 100-9.

[ii] https://www.whitehouse.gov/briefing-room/presidential-actions/2022/02/28/a-proclamation-on-womens-history-month-2022/#:~:text=NOW%2C%20THEREFORE%2C%20I%2C%20JOSEPH,2022%20as%20Women’s%20History%20Month.

[iii] https://womenshistorymonth.gov/about/

[iv] Id.

[v] Id.

[vi] https://www.whitehouse.gov/briefing-room/presidential-actions/2022/02/28/a-proclamation-on-womens-history-month-2022/#:~:text=NOW%2C%20THEREFORE%2C%20I%2C%20JOSEPH,2022%20as%20Women’s%20History%20Month.

[vii] https://www.governor.ny.gov/news/governor-hochul-signs-legislation-addressing-labor-and-healthcare-inequalities-women

[viii] Id.

New York state now requires all health care workers to receive a COVID-19 booster shot within two weeks of becoming eligible. An individual is considered eligible for the booster five months after receiving the second shot in a two-dose regime (either the Moderna or Pfizer vaccine) or two months after receiving the J&J single dose vaccine.  Governor Hochul announced this mandate on January 7, and the New York Public Health and Health Planning Council formally adopted the mandate on January 11, citing the importance of the booster to controlling the spread of COVID-19 in healthcare facilities and to limiting staffing shortages in healthcare facilities due to sick and quarantined employees.

The mandate went into effect immediately following its adoption and impacts all personnel working in hospitals, nursing homes, adult care, and other congregate settings as defined in the original regulation. Covered personnel is broadly defined and includes “all persons employed or affiliated with a covered entity, whether paid or unpaid, including but not limited to employees, members of the medical and nursing staff, contract staff, students, and volunteers, who engage in activities such that if they were infected with COVID-19, they could potentially expose other covered personnel, patients, or residents to the disease.” (10 NYCRR § 2.61.)

The booster mandate allows for some medical exemptions, but, like the state’s initial healthcare worker vaccine mandate announced in August 2021, does not permit religious exemptions. The original healthcare worker vaccine mandate was challenged in federal court based on the religious exemption issue. But on November 4, 2021, the United States Court of Appeals for the Second Circuit upheld the original vaccine mandate, stating that the failure to provide a religious exemption did not violate the employees’ religious freedoms. In its opinion, the Second Circuit clarified that, despite lacking a religious exemption, the original mandate did not violate employees’ rights as it did not preclude an employer from providing a reasonable accommodation for employees with sincerely held religious beliefs if doing so would not impose an undue burden on the employer and would allow the objecting employee to continue working in a capacity consistent with the mandate, that is, without coming into contact with patients or other employees. The Second Circuit’s findings were upheld by the Supreme Court on December 13, 2021, when it rejected the plaintiffs’ request for a stay of the regulations. The same findings will apply to the booster mandate, making it difficult for employees to mount additional legal challenges. Also as with the original vaccine mandate, the booster mandate does not provide any option for testing-out.

While it has not been met with the same level of resistance as the original healthcare worker vaccine mandate, some groups are already pushing back against the booster requirement. One day after the council adopted the booster mandate, 11 counties published a letter urging Governor Hochul to reconsider the new rule. In the letter, they cited severe staffing shortages and the fear that the new mandate would exacerbate what is already a tenuous situation. However, it is unlikely that these objections will gain traction, and the rule is expected to remain in effect for the foreseeable future.

New York was the first state to mandate the COVID-19 booster shot in any manner, but others are quickly following suit.  On Wednesday, January 20, New Jersey adopted a similar booster mandate requiring employees of New Jersey hospitals, nursing homes, prisons and jails to receive the booster. California has also adopted a booster mandate for healthcare workers that will go into effect on February 1.

If you have questions on this topic, please contact Jillian McNeil at jmcneil@jaspanllp.com or Jessica Baquet at jbaquet@jaspanllp.com.

New York Governor Kathy Hochul recently signed S.B. 4394, an amendment of Section 740 of the New York Labor Law that amounts to a significant expansion of safeguards for whistleblowers. Effective January 26, 2022, the new law broadens the definition of retaliation, creates new notice and reporting requirements, extends certain protections to former employees and independent contractors, and increases potential damages, among other things discussed in greater detail below.

Who is an “Employee” Under the New Law?

Formerly, whistleblower protections were only extended to those “who perform[ ] services for and under the control and direction of an employer for wages or other remuneration,” as that was the definition of “employee.” However, under the amended law, the range of people protected from retaliation includes current and former employees as well as independent contractors.

What Kind of Activity is Protected Under the New Law?

Under the old law, employees were only protected when reporting a violation that created a substantial and specific danger to public health or safety. By contrast, the amended law protects those who disclose or threaten to disclose anything relating to practices and activities that the employee “reasonably believes” (1) violate a law rule, or regulation, or (2) pose a substantial and specific danger to public health or safety. The employee is also protected if he provides information to or testified before a public body, or objects or refuses to participate in the subject policy or practice.

What Constitutes Retaliation Under the New Law?

Under the old law, the definition of retaliatory conduct was limited to the discharge, suspension or demotion of an employee, or other adverse employment action. Now, the law also protects against actual or threatened adverse employment actions, including (1) the above-described conduct, (2)  conduct that would adversely impact a former employee’s current or future employment; and (3) the contacting of immigration authorities or reporting the immigration status of employees or their family members.

How Have the Reporting Requirements Changed?

Under the old law, employees had to report any violations to their employer first, before disclosing it to a public body. This was intended to give the employer a reasonable opportunity to correct the alleged violation. The amended law, however, requires only that employees make a “good faith” effort to notify their employer first. Further, the employee can entirely bypass that step, and go straight to public disclosure if the employee reasonably believes: (1) that there is imminent and serious danger to public health or safety; (2) that reporting the alleged wrongdoing to their employer will result in the destruction of evidence, concealment, or harm to the employee; or (3) that his supervisor already knows of the violation and will not correct it.

What Else Has Changed?

Under the old law, a plaintiff could seek (1) injunctive relief; (2) reinstatement; (3) compensation for lost wages, benefits, and other remuneration; and (4) reasonable costs, disbursements, and attorneys’ fees. The law now allows for a jury trial and permits, in addition to existing remedies, front pay in lieu of reinstatement, the recovery of up to $10,000 and punitive damages. If the plaintiff prevails, he may be entitled to injunctive relief, reinstatement, compensation for lost wages, benefits, and other remuneration, and reasonable costs, disbursements, and attorneys’ fees. Importantly, the amended law also expands the statute of limitations from one to two years. However, it is also of note that, if the court finds that a retaliation claim was brought without basis in law or fact, the employer may now be awarded reasonable costs and attorney fees.

Recommendations for Employers Going Forward

Employers are required to post notice of the employees’ protections, rights and obligations under the new law. The notice should be conspicuous, meaning in an accessible and well-lighted place. A model posting will likely be available at the Department of Labor website in advance of the law’s effective date. Additionally, it may be appropriate to provide additional training for managers responsible for receiving and escalating whistleblower complaints. Further, it may be advisable to contact counsel when presented with reported violations by employees.

For further information on New York’s whistleblower laws or how to revise your company’s policies, contact David Paseltiner at 516-746-8000.




As we discussed in an earlier related blog post, effective March 31, 2021, the Marijuana Regulation and Taxation Act (“MRTA”) legalized the use of recreational marijuana for adults who are 21 and older and amended New York Labor Law 201(d), among other revisions, to prohibit employers from discriminating against an employee for such employee’s “legal use of consumable products, including cannabis in accordance with state law, prior to the beginning or after the conclusion of the employee’s work hours, and off of the employer’s premises and without use of the employer’s equipment of other property.” Recently, the New York Department of Labor (“DOL”) issued guidance on MRTA, which delineates permitted employer actions and answers to frequently asked questions.

Employers cannot test for cannabis and cannot rely on drug workplace policies existing prior to the effectiveness of MRTA, except for limited circumstances, such as if drug testing is specifically required by law. However, employers can implement new policies prohibiting cannabis use during work hours or on the employer’s property in compliance with the law.

What constitutes “work hours”?

Under the DOL guidance, “work hours […] means all time, including paid and unpaid breaks and meal periods, that the employee is suffered, permitted or expected to be engaged in work, and all time the employee is actually engaged in work. Such periods of time are still considered ‘work hours’ if the employee leaves the worksite.” Additionally, employers can prohibit cannabis while an employee is on call or “expected to be engaged in work.”

What is employer’s property?

Employers can prohibit use and even possession of cannabis on the “employer’s property, including leased or rented space, company vehicles, and areas used by employees within such property (e.g. lockers, desks, etc.).” The DOL guidance further states that “employers are permitted to prohibit use in company vehicles or on the employer’s property, even after regular business hours or work shifts.”

Can an employer take action against an employee for using cannabis on the job?

Yes, employers may take employment action against an employee if the employee manifests specific articulable symptoms of impairment that (i) decrease or lessen the performance of their duties or tasks and (ii) interfere with an employer’s obligations to provide safe and healthy workplace, free from recognized hazards as required by state and federal occupational safety and health laws (such as the operation of heavy machinery in an unsafe and reckless manner). Articulable symptoms of impairment are objectively observable indications that employee’s performance of the duties of the position of their position are decreased or lessened, however, the DOL guidance cautions that “such articulable symptoms may also be an indication that an employee has a disability protected by federal and state law (e.g., the NYS Human Rights Law), even if such disability or condition is unknown to the employer. Employers should consult with appropriate professionals regarding applicable local, state, and federal laws that prohibit disability discrimination.” Additionally, the DOL guidance specifies that the smell of cannabis alone is not an articulable symptom of impairment.

For further information or guidance on revising your policies and procedures, please contact David Paseltiner.

On October 6, 2021, the New York Workers’ Compensation Board adopted a revised regulation addressing the amount of intermittent Paid Family Leave (“PFL”) that is available to employees who work more than five days per week. The revised regulation becomes effective January 1, 2022, and is not retroactive.

Under existing regulations, employees who are qualified for PFL may take up to 12 weeks of such leave during a period of 52 consecutive weeks. Employees are not required to take PFL all at once and may elect to take it in full day increments on an intermittent basis. When taking PFL on an intermittent basis, the maximum days of PFL that an employee may take is determined by multiplying the average number of days he or she works per week by 12, but in no event more than 60 days of PFL per 52-week period for employees working at least five days per week. As a result, an employee who works more than five days a week is currently capped at 60 days per 52-week period.

Under the revised regulation, the 60-day cap has been eliminated, and employees who work more than five days per week will be eligible to take additional intermittent PFL once the revised regulation takes effect. Without the cap, employees who work six days per week will become entitled to 72 days of PFL to be used intermittently in a 52-week period, and employees who work seven days per week will become entitled to 84 days of PFL to be used intermittently in a 52-week period.

The revised regulation does not affect employees who work five or fewer days per week but will  greatly increase the days of intermittent PFL leave available to employees who do work in excess of this amount. Employers who have employees working more than five days per week should take note of this change and take steps to ensure compliance with the revised regulation when it becomes effective.

For further information or guidance on revising your policies, please contact David Paseltiner.


On Nov. 1, 2021, New York Governor Kathy Hochul signed an amendment to the New York Paid Family Leave Benefits Law (the “PFL”) expanding the definition of “family member” for the purposes of the PFL to include biological or adopted siblings, half-siblings, and step-siblings. The current definition of “family member” covers children, parents, grandparents, grandchildren, spouses and domestic partners. While the change to the definition will not become effective January 1, 2023, employers should make a note of the change and take steps to prepare for the expended coverage prior to its effective date.

For further information or guidance on revising your policies, please contact David Paseltiner

As noted in an earlier blog, on March 12, 2021, New York enacted a new law requiring public and private employers to provide paid leave for any employee receiving a COVID-19 vaccination. Under this law, employers must provide their employees up to four hours (or, if greater, such time as an employee is entitled to receive pursuant to a collectively bargained agreement or as otherwise authorized by the employer) of paid time off per vaccine injection at their regular pay rate.

When the law was enacted, COVID-19 booster shots were not something that was considered necessary, and guidance from the Labor Department contemplated that total paid leave for vaccinations would be capped at eight hours for those taking a two-dose vaccination series. While, as noted above, the statute itself indicates that four hours of leave is available “per vaccine injection, to avoid any doubt, the Labor Department has revised its Frequently Asked Questions to make clear that the law applies to any COVID-19 vaccination received by an employee, including booster shots.

Employers should update their paid vaccine leave policies and practices to include paid time off for booster shots.

For further information or guidance on revising your policies, please contact David Paseltiner.


As I discussed in recent blog, a new addition to the New York City Administrative Code (2021 NYC Local Law No. 3, NYC Admin. Code Sections 22-1201 – 22-1205)(the “Biometric Privacy Law”) will go into effect on July 9 regulating the use of facial recognition technology. In a move to expand such regulations beyond commercial businesses, the City has also adopted a new law regulating the use of smart access technologies in residential buildings (2021 NYC Local Law No. 63, NYC Admin. Code Sections 26-3001 – 26-3007) (the “Tenant Data Privacy Act”). The Act goes into effect on July 29, 2021 (other than with respect to the private right of action described below, which becomes effective January 1, 2023). Landlords that operate in New York City that use smart access technology are well advised to become familiar with the Act and its requirements, include making any necessary changes to their existing policies and procedures as needed to be in compliance with its terms. As with the Biometric Privacy Law, it is quite likely that other jurisdictions may look to follow New York City’s lead, so landlords outside of the City are likewise advised to become familiar with the Act and to proactively address requirements that they may soon be required to abide by.

Set forth below is a summary of the scope and terms of the Act.

To What Buildings Does the Act Apply?

The Act applies to “smart access buildings”, which are “class A multiple dwellings” located within New York City that use a “smart access system.” A “class A multiple dwelling” is any a dwelling which is rented or leased, or is to be rented or leased, as the residence of three or more families living independently of each other that is occupied for permanent residence. This term excludes multiple dwellings which are occupied as a temporary residence of individuals or families who are lodged at such buildings (such as hotels, rooming houses, boarding houses, boarding schools, furnished room houses, club houses, and college and school dormitories). A “smart access system” is any system that uses electronic or computerized technology, a radio frequency identification card, a mobile phone application, biometric identifier information, or any other digital technology to grant entry to a class A multiple dwelling, common areas in such dwelling or to an individual unit in such dwelling.

How Does the Act Regulate Data Collection?

Required Consent

An owner of a smart access building or a third party may not collect reference data from a user for use in a smart access system except where such user has expressly consented, in writing or through a mobile application, to the use of such smart access building’s smart access system.  “Reference data” means the information against which authentication data is verified at the point of authentication by a smart access system to grant a user entry to a smart access building, a dwelling unit of such building or a common area of such building.  A “third party” is an entity that installs, operates, or otherwise directly supports a smart access system, and has ongoing access to user data, excluding any entity that solely hosts such data, and a “user” is a tenant of a smart access building, and any person a tenant has requested, in writing or through a mobile application, be granted access to such tenant’s dwelling unit and such building’s smart access system. The term “owner” means and include the owner of the freehold of the premises or lesser estate therein, a mortgagee or vendee in possession, assignee of rents, receiver, executor, trustee, lessee, agent, or any other person or entity directly or indirectly in control of a dwelling.

What Data May Be Collected?

An owner or third party may collect only the minimum amount of authentication data and reference data necessary to enable the use of a smart access system in a smart access building and may not collect additional biometric identifier information from any users. “Authentication data” is data generated or collected at the point of authentication in connection with granting a user entry to a smart access building, common area or dwelling unit through such building’s smart access system, provided that data generated through or collected by a video or camera system that is used to monitor entrances but not grant entry is not “authentication data.” “Biometric identifier information” is a physiological, biological, or behavioral characteristic that is used to identify, or assist in identifying, an individual, including, but not limited to: (i) a retina or iris scan; (ii) a fingerprint; (iii) a voiceprint; (iv) a scan or record of a palm, hand, or face geometry; (v) gait or movement patterns; or (vi) any other similar identifying characteristic. This definition is similar, but not identical, to that used in the Biometric Privacy Law.

A smart access system may only collect, generate, or use the following information:

  • the user’s name;
  • the dwelling unit number and other doors or common areas to which the user has access using such smart access system in such building;
  • the user’s preferred method of contact;
  • the user’s biometric identifier information if such smart access system utilizes biometric identifier information;
  • the identification card number or any identifier associated with the physical hardware used to facilitate building entry, including radio frequency identification card, Bluetooth, or other similar technical protocols;
  • passwords, passcodes, user names, and contact information used singly or in conjunction with other reference data to grant a user entry to a smart access building, dwelling unit of such building or common area of such building through such building’s smart access system, or to access any online tools used to manage user accounts related to such building;
  • lease information, including move-in and, if available, move-out dates; and
  • the time and method of access, solely for security purposes.

Notwithstanding the above provisions, an owner may retain, separate from a smart access system, a record of the unique identification number or other unique identifier associated with the physical hardware used to facilitate building entry, including key cards or other similar technical protocols, and the dwelling unit number associated with such unique identifier, solely for the purpose of deactivating or activating the key card or other hardware associated with such unique identifier.

Destruction of Data

Owners of smart access buildings and third parties are required to destroy any authentication data collected from or generated by a smart access system in their possession no later than 90 days after such data has been collected or generated, except for authentication data that is retained in an anonymized format.

Reference data for any tenant who has permanently vacated a smart access building is required to be removed, or anonymized where removal of such data would render the smart access system inoperable, from a smart access system no later than 90 days after the tenant has permanently vacated the building.

Reference data for any user that has been granted access to a former tenant’s dwelling unit and is not a tenant of the smart access building is required to removed, or anonymized where removal of such data would render the smart access system inoperable, from the smart access system no later than 90 days after access expires.

Reference data for any user who has withdrawn authorization from an owner or third party who had previously been given access to such reference data pursuant to the Act must be removed, or anonymized where removal of such data would render the smart access system inoperable, from the smart access system no later than 90 days after such authorization has been withdrawn. The same time frame shall apply when a tenant withdraws a request that a guest be granted access to such tenant’s dwelling unit via the smart access system if such guest is not also a tenant of such smart access building.

Reference data collected solely for the operation of a smart access system for a tenant who has permanently vacated a smart access building must be destroyed no later than 90 days after a tenant has permanently vacated a smart access building or has withdrawn authorization from the owner of such smart access building or a third party.

Reference data collected solely for use of such smart access system for any user that has been granted access to such tenant’s dwelling unit and is not a tenant of such smart access building shall be destroyed within the same timeframe, following such user’s withdrawal of authorization, such tenant’s withdrawal of the request that such user be granted access to such tenant’s dwelling unit via the smart access system or such tenant’s permanent vacation.

Notwithstanding the above requirements, owners of smart access buildings and third parties that have an obligation to destroy data pursuant to the Act shall not be required to destroy any data that (i) is necessary to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity; (ii) is necessary to debug to identify and repair errors that impair existing intended functionality; (iii) is protected speech under the United States or New York state constitution; or (iv) is necessary to comply with another law or legal obligation. In addition, reference data may be retained and used by a smart access system pursuant to a user request, in writing or through a mobile application, that such user’s reference data be retained for longer than 90 days.

Any information that an owner of a multiple dwelling collects about a tenant’s use of gas, electricity or any other utility is required to be limited to such tenant’s total monthly usage, unless otherwise required by law. Owner of multiple dwellings are prohibited from collecting any information about a tenant’s use of internet service, except that in a multiple dwelling in which internet service is provided directly from an owner to tenants, the landlord may collect such information if such information is aggregated and anonymized, or necessary for billing purposes.

What Does the Act Prohibit?

The Act provides that is it unlawful for any owner of a smart access building or third party that collects reference data or authentication data to:

  1. sell, lease, or otherwise disclose such data to another person except:

(a)           pursuant to any law, subpoena, court ordered warrant, other authorized court ordered process or active law enforcement investigation;

(b)          to a third party that operates or facilitates the operation of such building’s smart access system, provided that the user has given express authorization, in writing or through a mobile application, and has received in writing, in advance of such authorization: (i) the name of the third party, (ii) the intended use of such data by such third party, and (iii) any privacy policy of such third party;

(c)           for data collected regarding utility usage as described above, to an entity employed, retained, or contracted by the owner to improve the energy efficiency of such building;

(d)          to a guest as expressly authorized, in writing or through a mobile application, by a tenant; or

(e)          as otherwise required by law;

  1. utilize any satellite navigation system or other similar system in the equipment or software of a smart access system to track the location of any user of a smart access system outside of the building using such smart access system;
  2. use a smart access system to capture the reference data of any minor, except as authorized in writing by such minor’s parent or legal guardian;
  3. use a smart access system to deliberately collect information on or track the relationship status of tenants and their guests, except as otherwise required by law;
  4. use a smart access system to collect or track information about the frequency and time of use of such system by a tenant and their guests to harass or evict a tenant;
  5. use a smart access system to collect reference data from a person who is not a tenant in such smart access building who has not given express consent, in writing or through a mobile application, provided that reference data may be collected for any employee or agent of an owner in a smart access building, and
  6. share any data that may be collected from a smart access system regarding any minor unless such entity has received the written authorization of such minor’s parent or legal guardian.

Any data collected in violation of the prohibitions set forth in items 3, 4, 5 and 6 above is required to be destroyed immediately.

It also unlawful for any owner of a smart access building, or an agent thereof, to:

  1. utilize data collected through a smart access system for any purpose other than: (i) to grant access to and monitor entrances and exits to the smart access building, and to common areas in such building, including but not limited to laundry rooms, mail rooms, and the like, and (ii) to grant access to dwelling units in such buildings that use a smart access system to grant entry into dwelling units;
  2. use a smart access system to limit the time of entry into the building by any user except as requested by a tenant;
  3. require a tenant to use a smart access system to gain entry to such tenant’s dwelling unit; and
  4. use any information collected through a smart access system to harass or evict a tenant.

What Does the Act Require of Smart Access Systems?

The Act requires that smart access systems implement stringent security measures and safeguards to protect the security and data of tenants, guests, and other individuals in smart access buildings. Such security measures and safeguards must, at a minimum, include data encryption, the ability of the user to change the password if the system uses a password and firmware that is regularly updated to enable the remediation of any security or vulnerability issues.

Is There an Individual Right of Action to Enforce the Act?

The Act provides that a lawful occupant of a dwelling unit, or a group of such occupants, in a smart access building may bring an action alleging an unlawful sale of data in violation of the Act. If the court finds that a person has sold data in violation of the Act, the court shall, in addition to any other relief such court determines to be appropriate, award to each such occupant per each unlawful sale of such occupant’s data: (i) compensatory damages and, in such court’s discretion, punitive damages, or (ii) at the election of each occupant, damages ranging from $200 to $1,000, as well as reasonably attorneys’ fees and court costs. This right is in addition to any other remedies that may be provided for under common law or by other law or rule.

Is an Owner’s Violation of the Act Grounds to Not Pay Rent?

No. The Act expressly states nothing shall relieve any occupant or occupants from any obligation to pay rent or any other charge for which such occupant or occupants are otherwise liable to a person found to be in violation of the Act, and that nothing shall affect any other right or responsibility of an occupant or owner afforded to such person pursuant to a lawful lease.