A&B ABstract On August 9, 2022, the Conference of State Bank Supervisors (CSBS) released two cybersecurity tools for nonbank financial services institutions to help them prepare for state cybersecurity examinations and, ultimately, improve cybersecurity maturity and protect financial institution infrastructure. These tools are designed to address key aspects of the Uniform Rating System for Information […]
Cybersecurity
NYDFS Reports Major Cybersecurity Settlement
In early March, the New York Department of Financial Services (NYDFS) announced a settlement involving a $1.5M penalty and mandatory remediation in response to a mortgage lender’s alleged failure to report a cyber breach, and other alleged cybersecurity failures. This enforcement action marks the second public enforcement action under 23 NYCRR Part 500 (the “Cybersecurity Regulation”) (see […]
SHIELD Act Overhauls New York’s Data Breach Notification Framework
On October 23, 2019, New York’s new breach notification provisions came into effect, a result of New York’s passage of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) in July. That Act overhauled New York’s data privacy framework, expanding the list of data elements that are considered “private information” while growing the […]
California Releases Proposed CCPA Regulations
California Attorney General Xavier Becerra released yesterday a Notice of Proposed Rulemaking Action and Proposed Regulations for the California Consumer Privacy Act. The Attorney General will hold four public hearings to address these regulations on December 2, 3, 4, and 5, 2019. The written comment period will then end on December 6, 2019. These regulations are intended […]
The CCPA Could Reset Data Breach Litigation Risks
A&B Abstract: While much has been written about the California Consumer Privacy Act (CCPA), the focus has primarily been on the new rights it affords California consumers to have access to and control use of their data and opt out of many transfers to third parties. While this is a sea change in data privacy […]