Menu

Showing 4 posts in Cybersecurity.

Validating Cyber Compliance in Light of the First DFS Enforcement Action

We recently reported on the New York State Department of Financial Services' (DFS) first enforcement action under its 2017 cybersecurity regulation ("Part 500"), which prescribes how financial services companies licensed to operate in New York should construct their cybersecurity programs. DFS' statement of charges provides important insight into the agency's priorities and expectations when assessing how a company has addressed and mitigated a data exposure, and offers a roadmap for how other regulators might interpret similar data security laws being implemented across the country. Given increasing regulatory scrutiny and the fact that inappropriate cybersecurity procedures and practices could result in significant financial liabilities, companies should proactively re-assess where they stand in relation to applicable cyber mandates.

We highlight here some key takeaways from the recent DFS enforcement action that entities subject to Part 500 should carefully consider when validating their current state of compliance. More ›

Another Cybersecurity Wake Up Call: Connecticut Insurance Department Issues Guidance on Cyber Law Set to go Into Effect

Covered entities received two cybersecurity wake up calls from insurance regulators this month. As we have reported, the New York State Department of Financial Services (DFS) issued its long-awaited first cyber enforcement action pursuant to its groundbreaking and first-in-nation cybersecurity regulation. In addition, the Connecticut Insurance Department issued a Bulletin to all licensees, providing guidance for compliance with the Connecticut Insurance Data Security Law (the Act), which goes into effect on October 1, 2020. The Act was modeled after the National Association of Insurance Commissioners Model Cybersecurity Law, which itself was modeled after the DFS cybersecurity regulation. More ›

Long-Awaited DFS Cyber Enforcement Action Sees Charges Filed Against Title Insurer For Exposing Millions of Documents Containing Consumer Personal Information

After several years of anticipation, the New York State Department of Financial Services (DFS) has filed its first enforcement action under the agency's groundbreaking and first-in-the-nation 2017 cybersecurity regulation (Part 500 of Title 23 of the New York Codes, Rules, and Regulations), which prescribes how financial services companies licensed to operate in New York should construct their cybersecurity programs. This action is a wakeup call to covered entities to fully implement the directives of Part 500. More ›

Governor Cuomo Mandates Compliance by Credit Reporting Agencies with Sweeping New Cybersecurity Requirements

New York Governor Andrew Cuomo has issued a final regulation that requires credit reporting agencies doing business in New York to register annually with the Department of Financial Services (DFS) and also to comply with accompanying cybersecurity regulations, including the implementation of a cybersecurity program consistent with the requirements already in place for banks, insurance companies and other financial services institutions. The purpose of the new regulation is to protect New Yorkers from data breaches, such as the Equifax breach which exposed the private data of millions of individuals. More ›

Search
Subscribe via Email