Opening a new liquor store in New York State is a complex process involving regulatory scrutiny, community input, and significant legal and financial planning. Below is a comprehensive, practitioner-level overview for prospective applicants, including key steps, common pitfalls, and critical lease issues. This information is designed for those considering engaging legal counsel to guide them through the process. The Licensing Process: What to Expect When Opening A New Liquor Store In New York 1. Understanding the “Public Convenience and Advantage” Standard New York’s Alcoholic Beverage Control Law requires that new liquor store licenses be issued only if the applicant can prove the store will serve the “public convenience and advantage.” The New York State Liquor Authority (SLA) will assess: - Whether the area is already adequately served by existing liquor stores. - Gross sales trends at the four nearest stores (the SLA will request this data). - Demographic shifts, local population changes, and neighborhood development. - The unique value your store will add (e.g., accessibility, product selection, hours). 2. Protests and Community Input - Nearby Liquor Stores: The SLA notifies the closest liquor stores, which may submit written objections or appear at hearings to oppose your application. Their objections often cite market saturation, declining sales, and lack of community need. - Community Boards: In NYC, Community Boards may review and comment, though their role is advisory for off-premises licenses. Applicants may be asked to attend a meeting and address concerns. 3. The SLA Full Board Hearing - Most new liquor store applications are scheduled for a public hearing before the SLA Full Board, which meets bi-weekly. Applicants and objectors can present their cases in person or via video. - The Board will question both sides, deliberate, and typically announce its decision at the meeting or soon after. The decision is final, subject only to judicial review. - No temporary permits are available for new liquor stores; you must wait for Full Board approval before opening. Reference: SLA Full Board Meetings 4. Timeline and Documentation - The process often takes 6–12 months, depending on SLA workload and application completeness. - Required documentation includes a signed lease or letter of intent, detailed floor plans, full disclosure of all principals, and proof of funding. Special Lease Issues to Open a New Liquor Store In New York: Protecting Yourself During the Wait Given the long, uncertain licensing timeline, your lease should be carefully negotiated to minimize risk: 1. License Contingency Clause - Include a provision allowing you to terminate the lease if the SLA denies your license. Without this, you could be liable for the full lease term with no ability to operate. - Landlords may limit the contingency to a set period (e.g., 6–12 months) and require proof you are diligently pursuing the license. 2. Rent Abatement/Free Rent - Negotiate for rent abatement until the license is approved or a specific date is reached. Landlords may cap this period to avoid indefinite rent-free occupancy. 3. Proof of Right to Premises - The SLA requires a lease, deed, or binding letter of intent covering the full license term (usually three years). An unsigned or non-binding agreement is insufficient. 4. Assignment and Personal Guarantees - Ensure the lease allows assignment if the business is sold or the license is denied (with landlord consent not unreasonably withheld). - Try to limit or remove personal guarantees if the lease is terminated due to license denial. 5. Percentage Rent and SLA Disclosure - If your lease includes percentage rent, and the landlord’s share exceeds 12%, the SLA may require the landlord to be disclosed as a co-applicant, triggering background checks and potential licensing complications. - Landlords with any interest in alcohol manufacturing or wholesaling are barred from being co-applicants. 6. Financial Exposure During Delays - You may be on the hook for rent and other costs for months before opening. Model your cash flow accordingly and negotiate protections. Common Pitfalls Involved in Opening A New Liquor Store - Failure to Prove Public Need: If you cannot demonstrate that your store will serve a genuine public need, your application will likely be denied. - Ignoring Lease Protections: Entering a lease without adequate contingencies can result in substantial financial loss if your license is denied or delayed. - Incomplete Documentation: Missing or inaccurate disclosures and financial records are a leading cause of delays and denials. - Underestimating Local Opposition: Failing to anticipate and address objections from nearby stores or the community can doom an application. - Lack of Legal Representation: The process is adversarial and highly technical; experienced legal counsel is strongly recommended. Key Takeaways - Start with a Realistic Assessment: Is there a true need for another liquor store in your chosen area? - Engage Legal Counsel Early: An experienced attorney can help you navigate both the SLA process and critical lease negotiations. - Negotiate a Lease That Protects You: Insist on a license contingency, rent abatement, and assignment flexibility. - Prepare for a Long Process: Expect 6–12 months from application to decision, with no option for a temporary permit. - Be Ready for a Public Hearing: You will likely need to present your case before the SLA Full Board and respond to objections. This overview of how to open a new liquor store in new york is not legal advice. For tailored guidance, please contact our firm to schedule a consultation with an attorney experienced in New York liquor licensing and lease negotiation. Read the full article

New York's Liquor Laws: Fall 2024 Update

Major Changes on the Horizon As we reported earlier this year, Governor Kathy Hochul has spearheaded significant changes to New York State's liquor laws, modernizing the 90-year-old Alcoholic Beverage Control (ABC) Law. These developments will impact businesses, consumers, and legal practitioners in the alcohol industry. Let's explore the key changes and their implications. Key Changes and New Rulings Extended "To-Go" Alcohol Sales Bars and restaurants can now sell alcoholic beverages for off-premises consumption until 2030. As a result, this extension of the popular "drinks to go" provision will boost revenue for these establishments. Expanded Licensing Options Movie theaters have gained the right to apply for licenses to sell liquor, in addition to beer and wine. Consequently, cinema operators can enhance the movie-going experience for their customers. Streamlined Application Process The state has eliminated the 30-day waiting period between providing local notice and filing a license application. Therefore, businesses can now apply for licenses more quickly and efficiently. One-Day Event Permits Special event organizers can now serve liquor, hard cider, and mead with their permits. Previously, these permits only allowed beer and wine sales. As a result, this change creates more opportunities for caterers and event planners. Impacts on Businesses and Consumers These changes offer significant benefits to the hospitality and entertainment sectors. Bars, restaurants, and movie theaters can diversify their offerings and potentially increase their profits. Meanwhile, consumers will enjoy more options and convenience, from cinema cocktails to easy to-go drink purchases. Implications for Legal Practitioners Attorneys specializing in liquor licensing and ABC law must adapt to these new regulations. They should focus on: - Advising clients about expanded licensing opportunities - Guiding clients through the new streamlined application process - Ensuring compliance with updated to-go alcohol sales regulations - Assisting with one-day event permit applications that now include liquor Upcoming Legislative Actions to Watch Lawmakers are considering several proposals for future legislative sessions: - Allowing bar and restaurant owners to purchase limited alcohol amounts from retail liquor stores for restocking - Permitting liquor store owners to operate multiple locations within the state - Potentially modifying the 200-foot and 500-foot rules governing proximity to schools, places of worship, and other alcohol-serving establishments Conclusion These changes mark a significant shift in New York's alcohol regulation approach. The state aims to support businesses while maintaining responsible practices. Additionally, businesses in the alcohol industry must stay informed and compliant as the legal landscape evolves. Our law firm Liquor Law practice focuses on ABC law and liquor licensing matters. We can help clients navigate these new regulations, apply for expanded licenses, and ensure compliance with all current and upcoming changes to New York's liquor laws. Furthermore, we can assist your business in thriving in this changing regulatory environment. For more details on these changes, visit the New York State Liquor Authority's official announcement. This comprehensive overview explains the new regulations and their implications.Those interested in the legislative process can review the full text of Assembly Bill A08805. Thus, you can access the bill summary, actions taken, sponsor's memorandum, and complete legislation text. Read the full article

Protect Customer Personal Information: A Guide for Businesses

Here is an in-depth report on fundamental steps for businesses to protect customer personal information, focusing on requirements and best practices in New York, California, Massachusetts, and the US Virgin Islands: I. Determining if Your Business is Required to Protect Customer Personal Information Before implementing cybersecurity measures, it's crucial to understand if your business is legally obligated to protect customer personal information (PI). Requirements vary by state and territory: New York Under the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act): - Applies to any person or business that owns or licenses computerized data including private information of a New York resident - No minimum threshold for number of customers or revenue California The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) apply to businesses that: - Have annual gross revenue exceeding $25 million - Buy, sell, or share personal information of 100,000 or more California residents or households - Derive 50% or more of annual revenue from selling or sharing California residents' personal information Massachusetts Massachusetts 201 CMR 17.00 applies to all persons that own or license personal information about a Massachusetts resident. US Virgin Islands The Virgin Islands Data Breach Notification Law applies to: - Persons and businesses that conduct business in the territory - Own, license, or maintain covered information of Virgin Islands residents II. Understanding What Constitutes Personal Information Before one can protect customer personal information, one must understand the definition of personal information varies slightly by jurisdiction: New York Private information includes: - Social Security number - Driver's license number or non-driver ID number - Account, credit or debit card number (if usable to access an individual's financial account) - Biometric information - Username/email address in combination with a password or security question answer California Personal information includes: - Identifiers (e.g., name, address, SSN, driver's license number) - Characteristics of protected classifications (e.g., race, gender) - Commercial information - Biometric information - Internet or network activity information - Geolocation data - Audio, electronic, visual, thermal, olfactory, or similar information - Professional or employment-related information - Education information - Inferences drawn from other personal information Massachusetts Personal information includes: - First name and last name or first initial and last name - In combination with any of: - Social Security number - Driver's license number or state-issued ID number - Financial account number, or credit or debit card number US Virgin Islands Covered information includes: - First name or first initial and last name - In combination with any of: - Social Security number - Driver's license number - Account number, credit or debit card number (with any required security code, access code, or password) III. Step-by-Step Guide to Protect Customer Personal Information Step 1: Conduct a Data Inventory and Risk Assessment - Identify all personal information your business collects, processes, and stores. - Determine where this data is located (e.g., on-premises servers, cloud storage, employee devices). - Assess potential risks and vulnerabilities to this data. Step 2: Develop and Implement a Written Information Security Program (WISP) - Create a comprehensive policy document outlining your data protection measures. - Include procedures for: - Collecting, storing, and using personal information - Employee training on data security - Incident response in case of a breach - Regular security audits and updates Step 3: Implement Strong Access Controls - Use role-based access control to limit data access to employees who need it. - Implement strong password policies, including: - Complex passwords with a mix of characters - Regular password changes - Two-factor authentication (2FA) Step 4: Encrypt Sensitive Data - Use industry-standard encryption for data at rest and in transit. - Implement 256-bit encryption for emails containing sensitive information. - Use file-level encryption for data stored on computer hard drives. Step 5: Secure Your Network - Install and maintain firewalls to protect against unauthorized access. - Use a Virtual Private Network (VPN) for remote access to company systems. - Regularly update all software, including operating systems and applications, to patch security vulnerabilities. Step 6: Train Employees on Data Security - Conduct regular cybersecurity awareness training for all employees. - Cover topics such as: - Recognizing phishing attempts - Safe browsing practices - Proper handling of sensitive data - Reporting potential security incidents Step 7: Implement Data Minimization Practices - Only collect personal information that is necessary for your business operations. - Regularly review and delete unnecessary data. - Implement data retention policies that comply with legal requirements. Step 8: Secure Physical Access to Data - Implement physical security measures to protect servers and devices containing personal information. - Use locked cabinets for paper documents containing sensitive data. - Implement a clean desk policy to ensure sensitive information is not left unattended. Step 9: Manage Third-Party Risks - Conduct due diligence on vendors who have access to your customer data. - Include data protection clauses in contracts with third-party service providers. - Regularly audit third-party compliance with your data security requirements. Step 10: Develop and Test an Incident Response Plan - Create a detailed plan for responding to potential data breaches. - Include steps for: - Containing the breach - Assessing its scope and impact - Notifying affected individuals and relevant authorities - Conducting a post-incident review - Regularly test and update your incident response plan. IV. Compliance with Specific State Requirements While following the steps above will provide a strong foundation for data protection, be aware of these specific state requirements: New York (SHIELD Act) - Implement reasonable administrative, technical, and physical safeguards. - Conduct regular risk assessments. - Train employees in security practices and procedures. California (CCPA/CPRA) - Provide notice to consumers about data collection practices. - Implement processes to respond to consumer requests regarding their personal information. - Obtain opt-in consent for processing sensitive personal information. Massachusetts (201 CMR 17.00) - Designate one or more employees to maintain the information security program. - Identify and assess reasonably foreseeable internal and external risks to security. - Develop security policies for employees relating to the storage, access, and transportation of records containing personal information. US Virgin Islands - While specific cybersecurity requirements are not currently detailed in the breach notification law, following best practices outlined in this guide will help ensure compliance. By following these steps and staying informed about evolving regulations, businesses can significantly enhance their protection of customer personal information and reduce the risk of data breaches and regulatory non-compliance. Read the full article

What Cybersecurity Requirements US Companies Should Follow In 2024

There are several key cybersecurity regulations and requirements that US companies need to comply with at both the federal and state levels: Federal Regulations - HIPAA (Health Insurance Portability and Accountability Act): Applies to healthcare providers and organizations handling protected health information (PHI). It requires safeguarding patient data. - GLBA (Gramm-Leach-Bliley Act): Regulates the collection and handling of financial information. Companies collecting or storing financial data must comply. - PCI DSS (Payment Card Industry Data Security Standard): Security standards for companies processing, storing or transmitting credit card data. As of March 2024, version 4.0 is mandatory, requiring multi-factor authentication. - FISMA (Federal Information Security Modernization Act): Requires government agencies to protect information systems. MSPs serving government clients need to align with FISMA, updated in 2023 to improve coordination. - SEC Incident Disclosure Regulations: As of Dec 2023, publicly traded companies must report material cybersecurity incidents within 4 business days. Selected State Regulations - California Consumer Privacy Act (CCPA): Protects personal information of CA residents. Applies to companies engaging with CA residents, not just those based in CA. New CCPA regulations expected in 2024 cover cybersecurity audits, risk assessments, and automated decision-making technology. - NY DFS Cybersecurity Regulation: Applies to financial services companies licensed by NY Dept of Financial Services. Requires risk assessments, cybersecurity policies, CISO reporting, encryption, incident response plans, etc. with phased implementation through 2025. - Massachusetts Data Privacy & Security Regulations: The MA Office of Consumer Affairs & Business Regulation urges all licensees to develop, implement and regularly test cybersecurity plans. Recommends following DHS guidelines. Why Compliance Matters Key reasons all US companies should prioritize cybersecurity compliance: - Avoid costly data breaches, which averaged $3.86M in 2020. - Maintain customer trust. 67% of companies saw significant loss of trust after a breach. - Prevent hefty non-compliance fines, such as up to $7,500 per record for CCPA violations. - Mitigate cyber risks, as 77% say they couldn't recover from a major attack. In summary, cybersecurity compliance through a formal program is essential for all US businesses to protect data, finances, reputation and operations amid increasing threats and stricter regulations at both state and federal levels. The specific requirements depend on industry, location, and types of data handled. Citations: https://www.itgovernanceusa.com/federal-cybersecurity-and-privacy-laws https://www.upguard.com/blog/cybersecurity-regulations-by-industry https://www.connectwise.com/blog/cybersecurity/cybersecurity-laws-and-legislation https://www.jonesday.com/en/insights/2024/02/california-privacy-a-deeper-dive-into-the-new-regulations-expected-in-2024 https://www.dfs.ny.gov/system/files/documents/2023/11/cybersecurity_implementation_timeline_covered_entities.pdf https://www.mass.gov/data-privacy-and-cybersecurity https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/usa https://trinware.com/compliance/brief-guide-to-us-cybersecurity-regulations-by-industry/ Read the full article

Perplexity.ai Pro is amazing!! I use it all the time and have upgraded to Pro for all its benefits. It is my go-to search for anything I want to know about. Get $10 off your first order by using this code!

http://Perplexity.ai Pro is amazing!! I use it all the time and have upgraded to Pro for all its benefits. It is my go to search for anything. Get $10 off your first order by using this code! https://perplexity.ai/pro?referral_code=9WMORQIU

Privacy Law Developments Thus Far In 2024

2024 marks a significant year for consumer privacy legislation in the United States, with new laws set to take effect in Florida, Oregon, Montana, and Texas, alongside stringent measures in New York, Massachusetts, and California. Notably, California's Age-Appropriate Design Code Act expands online privacy protections for minors, Massachusetts is considering comprehensive privacy bills, and New York is advancing significant data privacy legislation, highlighting a growing trend towards stronger consumer privacy protections in the absence of comprehensive federal privacy legislation. California Age Appropriate Design Code Act The California Age-Appropriate Design Code Act (CAADCA), signed into law on September 15, 2022, represents a significant shift in online privacy protections for minors under 18 in California. Set to take effect on July 1, 2024, the CAADCA extends beyond the scope of the federal Children's Online Privacy Protection Act (COPPA), which only covers children under 13.The CAADCA applies to businesses that meet the California Consumer Privacy Act (CCPA) definition and provide online services, products, or features likely to be accessed by children. This broad applicability is determined by factors such as: - Being directed to children as defined by COPPA - Routinely accessed by a significant number of children, based on audience composition evidence - Marketing advertisements to children - Utilizing design elements appealing to children (e.g., games, cartoons, celebrities) - Internal company research indicating a significant child audience Key requirements of the CAADCA include: - Data Protection Impact Assessments (DPIAs): Businesses must conduct DPIAs before offering services likely to be accessed by children and review them biennially. - Privacy by Default: Automatically configure the highest level of privacy settings for children users. - Age Estimation: Implement methods to estimate user age with reasonable certainty. - Transparent Communication: Provide privacy information, terms of service, and policies in clear, concise language suitable for the identified age groups. - Monitoring Signals: Give children obvious signals when they are being monitored or tracked. - Accessibility: Provide easily accessible tools for children to exercise privacy rights and report concerns. - Data Minimization: Prohibit collection and use of personal information not necessary for the service. - Geolocation and Profiling Restrictions: Ban collection of precise geolocation and profiling unless there is a compelling reason. Enforcement of the CAADCA will be overseen by the California Privacy Protection Agency (CPPA), which must publish regulations and guidelines by April 1, 2024. Violations can result in civil penalties of up to $2,500 per affected child for negligent violations and $7,500 for intentional violations. It's worth noting that on September 18, 2023, a preliminary injunction was issued by the District Court for the Northern District of California, preventing the enforcement of the CAADCA due to potential First Amendment violations. This legal challenge highlights the complex balance between child protection and constitutional rights in the digital age. Despite this setback, the CAADCA has already inspired similar legislation in other states, including Connecticut, Maryland, Minnesota, Oregon, New Jersey, New Mexico, and Nevada. This trend suggests a growing recognition of the need for enhanced online protections for minors across the United States. Massachusetts Privacy Act Overview Massachusetts is actively working towards establishing comprehensive data privacy legislation, with two key bills currently under consideration: the Massachusetts Information Privacy and Security Act (H. 60) and the Massachusetts Data Privacy Protection Act (S. 25). These proposed laws aim to position Massachusetts at the forefront of U.S. state privacy regulations.Both bills would apply broadly to organizations in Massachusetts, from small nonprofits to large multinational corporations, with varying compliance requirements based on the size and activities of the organization. Key features of these proposed laws include: - Data Minimization: The Massachusetts Data Privacy Protection Act would impose a data minimization principle, limiting data collection, use, and disclosure to what is "necessary and proportionate" for specific enumerated purposes. - Private Right of Action: Unlike most other state privacy laws, the Massachusetts Data Privacy Protection Act would create a private right of action for violations of any provision, potentially changing the landscape of privacy law enforcement in the U.S. - Workplace Monitoring Restrictions: The Massachusetts Data Privacy Protection Act would impose restrictions on workplace monitoring and electronic surveillance, limiting such activities to specific enumerated purposes and requiring the least invasive methods. - Data Broker Registry: Both bills propose establishing a data broker registry, similar to those already implemented in California and Vermont. - Broad Applicability: The laws would apply to all organizations dealing with personal information of Massachusetts residents, not just those located in or conducting business in the state. - Comprehensive Personal Information Definition: The laws define personal information to include first and last names, Social Security numbers, driver's license or state-issued identification numbers, and financial account numbers. - Written Information Security Program (WISP): Organizations would be required to implement a WISP, considering factors such as the scale, scope, nature, and quantity of data collected or stored. - Specific Security Standards: The laws would establish minimum security standards for computer systems, including secure user authentication, data encryption, and firewall defenses. - Third-Party Service Provider Requirements: The laws would require third-party service providers to maintain adequate security measures to protect personal information. Enforcement of these proposed laws would likely be the responsibility of the Massachusetts Attorney General, with potential civil penalties of up to $5,000 per violation. It's important to note that these bills are still pending before the Massachusetts Joint Committee on Advanced Information Technology, the Internet and Cybersecurity, which must finalize the proposed legislation before consideration by the General Court. The committee has indicated that it will mark up a bill based on testimony from a hearing held in October 2023, suggesting that the final legislation may incorporate elements from both proposed bills. As these bills progress through the legislative process, organizations operating in Massachusetts should closely monitor developments and begin preparing for potential compliance requirements. The proposed legislation represents a significant step towards comprehensive privacy protection in the state, potentially surpassing the strictness of existing laws in other jurisdictions. New York Data Privacy Legislation Developments New York is making significant strides in data privacy legislation with two key bills currently under consideration: the New York Privacy Act (S365B) and the New York Data Protection Act (S4201). These proposed laws aim to strengthen consumer privacy rights and impose new obligations on businesses handling personal data.The New York Privacy Act (S365B) is the more comprehensive of the two bills, having passed the Senate on June 3, 2024, with a vote of 41-19. Key features of S365B include: - Applicability: The act applies to businesses that conduct operations in New York or produce products/services targeted at New York residents, and meet one of the following criteria: - Annual gross revenue of $25 million or more - Control or process personal data of 50,000 or more consumers - Derive over 50% of gross revenue from the sale of personal data - Data Controller Categories: The act defines three distinct categories of entities handling consumer data: - Controllers: Entities determining the purpose and means of processing personal data - Processors: Entities processing data on behalf of controllers - Third parties: Other entities involved in data handling - Consumer Rights: The act grants New York consumers several rights regarding their personal data, including: - Right to request disclosure of personal information - Right to request deletion of personal information - Protection against discrimination for exercising these rights - Sensitive Data: The act establishes a category of "sensitive data" requiring higher protections, including health information, racial/ethnic origin, precise geolocation, and government-issued identifiers. - Transparency Obligations: Businesses must provide clear disclosures about their data collection and processing practices. The New York Data Protection Act (S4201), while less comprehensive, focuses on government entities and contractors. Key provisions include: - Disclosure Requirements: Government entities and contractors must disclose certain personal information collected about individuals. - Individual Rights: The act grants individuals the right to request disclosure and deletion of their personal information held by government entities and contractors. - Shared Information Regulations: The act outlines rules for sharing personal information between government entities or contractors. - Non-shareable Information: Certain types of personal information are designated as non-shareable. Both bills are still in the legislative process. S365B has passed the Senate and is currently in the Assembly Consumer Affairs and Protection Committee. S4201 is in the Senate Investigations and Government Operations Committee. These proposed laws represent a significant shift in New York's approach to data privacy, aligning the state more closely with other jurisdictions that have enacted comprehensive privacy legislation. If passed, these laws would require businesses and government entities operating in New York to substantially revise their data handling practices and privacy policies. It's worth noting that the potential enactment of federal privacy legislation, such as the proposed American Privacy Rights Act (APRA), could preempt these state laws. However, until such federal legislation is passed, New York's efforts to strengthen data privacy protections continue to progress through the state legislature. Read the full article

Eligibility for Temporary Retail Permits

Exciting news for all aspiring event organizers and temporary vendors! You can now secure a temporary NYS Liquor License for wine/beer or full liquor without needing to purchase an ongoing business. Visit and contact Sharmalaw.com today to learn more! #NYSLiquorLicense, #TemporaryLicense, #EventPlanning, #Sharmalaw, #LegalServices Read the full article

Welcome to Sharmalaw - Ravi Ivan Sharma P.C. Law Offices

Welcome!