On November 1, 2023, the New York Department of Financial Services (NYDFS) published the finalized Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500), which includes a number of significant and, for many covered entities, onerous changes to its original regulation. The finalized Second Amendment is much like the June 2023 proposed draft (which […]
Online Privacy
NY DFS Releases Revised Proposed Second Amendment of its Cybersecurity Regulation
The New York Department of Financial Services (“NY DFS”) published an updated proposed Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500) in the New York State Register on June 28, 2023, updating its previous proposed Second Amendment, which was published November 9, 2022. While the language proposed is largely similar to the previous […]
CSBS Releases Cybersecurity Programs to Help Nonbank Financial Services Institutions Improve Cybersecurity Posture
A&B ABstract On August 9, 2022, the Conference of State Bank Supervisors (CSBS) released two cybersecurity tools for nonbank financial services institutions to help them prepare for state cybersecurity examinations and, ultimately, improve cybersecurity maturity and protect financial institution infrastructure. These tools are designed to address key aspects of the Uniform Rating System for Information […]
NYDFS Reports Major Cybersecurity Settlement
In early March, the New York Department of Financial Services (NYDFS) announced a settlement involving a $1.5M penalty and mandatory remediation in response to a mortgage lender’s alleged failure to report a cyber breach, and other alleged cybersecurity failures. This enforcement action marks the second public enforcement action under 23 NYCRR Part 500 (the “Cybersecurity Regulation”) (see […]
New Virginia Privacy Law Promises Big Impacts
Virginia became the second state after California to pass a comprehensive privacy law when the governor signed the Consumer Data Protection Act, which contains many elements found in the California Consumer Privacy Act and other proposed privacy frameworks, as well as a number of new requirements for businesses. In a client advisory, our Privacy, Cyber […]