Cybersecurity

CSBS Releases Cybersecurity Programs to Help Nonbank Financial Services Institutions Improve Cybersecurity Posture

October 4, 2022 By Ross Speier, Lance Taubin, Kimberly Peretti and Nanci Weissgold

A&B ABstract On August 9, 2022, the Conference of State Bank Supervisors (CSBS) released two cybersecurity tools for nonbank financial services institutions to help them prepare for state cybersecurity examinations and, ultimately, improve cybersecurity maturity and protect financial institution infrastructure. These tools are designed to address key aspects of the Uniform Rating System for Information […]

NYDFS Reports Major Cybersecurity Settlement

March 11, 2021 By Michael Young and James Harvey

In early March, the New York Department of Financial Services (NYDFS) announced a settlement involving a $1.5M penalty and mandatory remediation in response to a mortgage lender’s alleged failure to report a cyber breach, and other alleged cybersecurity failures. This enforcement action marks the second public enforcement action under 23 NYCRR Part 500 (the “Cybersecurity Regulation”) (see […]

SHIELD Act Overhauls New York’s Data Breach Notification Framework

October 30, 2019 By Privacy & Data Security Team

On October 23, 2019, New York’s new breach notification provisions came into effect, a result of New York’s passage of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) in July. That Act overhauled New York’s data privacy framework, expanding the list of data elements that are considered “private information” while growing the […]

California Releases Proposed CCPA Regulations

October 11, 2019 By Michael Young

California Attorney General Xavier Becerra released yesterday a Notice of Proposed Rulemaking Action and Proposed Regulations for the California Consumer Privacy Act. The Attorney General will hold four public hearings to address these regulations on December 2, 3, 4, and 5, 2019. The written comment period will then end on December 6, 2019. These regulations are intended […]

The CCPA Could Reset Data Breach Litigation Risks

August 28, 2019 By James Harvey and Gavin Reinke

A&B Abstract: While much has been written about the California Consumer Privacy Act (CCPA), the focus has primarily been on the new rights it affords California consumers to have access to and control use of their data and opt out of many transfers to third parties. While this is a sea change in data privacy […]