Compliance - Information Management Today

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Third-Party Risk Management: NY DFS Regulation Compliance

Data Breach Today

SEPTEMBER 4, 2019

Ted Augustinos of Locke Lord LLP Addresses the Challenges Defining the scope of third-party risk is challenging, says Ted Augustinos of Locke Lord LLP, who discusses compliance with the New York Department of Financial Services' cybersecurity regulation.

Compliance

Compliance Risk Financial Services Cybersecurity

AML, Cybersecurity Noncompliance Costs Coinbase $100M

Data Breach Today

JANUARY 5, 2023

Crypto Exchange to Pay $50M Penalty, Invest $50M to Boost AML Compliance Coinbase agreed to a $100 million settlement with the New York financial regulator on Wednesday over cybersecurity lapses and failure to comply with anti-money laundering guidelines that allowed criminals to use the platform for fraud, money laundering and other illicit activities. (..)

Cybersecurity

Cybersecurity Compliance

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Hunton Privacy

NOVEMBER 8, 2023

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.

Cybersecurity

Cybersecurity IT Compliance Financial Services

New York Publishes FAQs and Key Dates for Cybersecurity Regulation

Hunton Privacy

APRIL 27, 2017

Earlier this month, the New York State Department of Financial Services (“NYDFS”) recently published FAQs and key dates for its cybersecurity regulation (the “NYDFS Regulation”) for financial institutions that became effective on March 1, 2017. March 1, 2018 – the one year transitional period ends.

Cybersecurity

Cybersecurity Compliance Financial Services Insurance

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Periodic risk-based assessments of third parties.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

$8 million penalty to NYDFS – and another case of over-retention

Data Protection Report

JANUARY 18, 2024

2024 was not a happy new year for Genesis Global Trading, Inc. (“GGT”). This post will focus on the cybersecurity regulation issues. This post will focus on the cybersecurity regulation issues. (For NYDFS found violations of both the cybersecurity and virtual currency regulations.

Cybersecurity

Cybersecurity Financial Services Compliance Encryption

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

NYDFS finalizes cybersecurity rule amendments

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. a)), this new term applies. a)(2) to “update the superintendent with material changes or new information previously unavailable.”

Cybersecurity

Cybersecurity Compliance Financial Services Government

New York Updates Cybersecurity Regulation for Financial Institutions

Hunton Privacy

JANUARY 3, 2017

On December 28, 2016, the New York State Department of Financial Services (“DFS”) announced an updated version of its cybersecurity regulation for financial institutions (the “Updated Regulation”). The Updated Regulation will become effective on March 1, 2017.

Cybersecurity

Cybersecurity Financial Services Authentication Information Security

New York Attorney General Proposes Crypto Regulation, Protection, Transparency, and Oversight (CRPTO) Act

Hunton Privacy

MAY 12, 2023

On May 5, 2023, New York Attorney General Letitia James released proposed legislation that seeks to regulate all facets of the cryptocurrency industry. The bill includes a broad set of measures intended to regulate comprehensively the entire cryptocurrency ecosystem.

Cybersecurity

Cybersecurity Manufacturing Data Privacy Compliance

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Insurance

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. As described below, senior governing bodies would have new oversight responsibilities under the amendments.

Cybersecurity

Cybersecurity IT Compliance Financial Services

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

NOVEMBER 14, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period. Notice of Cybersecurity Event. Revised Definition of Class A Companies and other Key Requirements. Board Expertise and Oversight.

Cybersecurity

Cybersecurity Passwords Risk Compliance

NAIC Insurance Data Security Law Annual Certifications: Is Yours Due By February 15?

Data Matters

FEBRUARY 2, 2021

The National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law has been adopted in at least 11 states, with several others (including New York) having implemented either older or similar laws or administrative guidance.

Insurance

Insurance Security Compliance Cybersecurity

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. This notice requirement explicitly applies to cybersecurity incidents occurring to the covered entity itself, its affiliates, or a third-party service provider.

Financial Services

Financial Services Cybersecurity Compliance Government

NYDFS Settles with Mortgage Company for Data Breach

Hunton Privacy

MARCH 11, 2021

On March 3, 2020, the New York Department of Financial Services (“NYDFS”) announced it had entered into a settlement with Residential Mortgage Services, Inc. (“RMS”) RMS”) related to allegations that RMS violated the NYDFS Cybersecurity Regulation in connection with a 2019 data breach. Read the full NYDFS settlement.

Data breaches

Data breaches Cybersecurity Financial Services Personal data

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. NSC), relating to violations of three different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2020. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Thales Cloud Protection & Licensing

MARCH 6, 2018

Every year, new regulations and compliance orders come into play that impact businesses across the world. This year, the major regulation that will be implemented, is the European Union’s General Data Protection Regulation (GDPR) , which takes effect on May 25, 2018. And this isn’t just happening in New York.

Compliance

Compliance GDPR Encryption Data Privacy

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. The New York Attorney General had alleged violations of the New York SHIELD Act.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

Webinar on Virginia’s Consumer Data Protection Act

Hunton Privacy

MARCH 23, 2021

On March 30, 2021, Hunton Andrews Kurth will host a webinar examining Virginia’s new Consumer Data Protection Act. The law’s requirements will take effect on January 1, 2023, which is the same day that requirements under the new California Privacy Rights Act (“CPRA”) becomes operative. Simpson , Partner, Hunton Andrews Kurth, New York.

Data Privacy

Data Privacy Privacy Compliance Cybersecurity

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

HL Chronicle of Data Protection

APRIL 17, 2020

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic. Remote Working.

Financial Services

Financial Services Risk Cybersecurity Phishing

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. 2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. Obtain Cybersecurity Expertise. Background.

Insurance

Insurance Financial Services Cybersecurity Risk

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales Cloud Protection & Licensing

NOVEMBER 27, 2018

The cybersecurity regulation ( 23 NYCRR 500 ) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. Even though these regulations only apply to New York, financial institutions across the U.S. September Checklist, March Reminder.

Cybersecurity

Cybersecurity Financial Services Encryption Data Privacy

NYDFS settles cybersecurity regulation matter for $1.8 million

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. NYDFS Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Financial Services Phishing

Privacy and Cybersecurity October 2018 Events

HL Chronicle of Data Protection

SEPTEMBER 28, 2018

Please join us for our October 2018 Privacy and Cybersecurity Events. It is entitled “ Data Privacy on Steroids: Sweeping New Data Privacy/Security Regulation in the EU and California, and What it Means for American Business. ”. Location : New York City. GDPR Compliance. Location : New York City.

Privacy

Privacy Cybersecurity GDPR Data Privacy

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

There just may be a new cybersecurity regulator in town. Department of Labor (DOL) published its first cybersecurity guidance last week ( Cybersecurity Guidance ). The Cybersecurity Guidance is set forth in three parts: Tips for Hiring a Service Provider , directed toward plan sponsors and fiduciaries.

Cybersecurity

Cybersecurity Insurance Risk Compliance

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

The flurry of state legislative activity in the wake of the enactment of the California Consumer Protection Act (CCPA) continues with the New York legislature recently passing two bills to increase accountability for the processing of personal information. The Stop Hacks and Improve Electronic Data Security Act.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

This blogpost summarises our recent webinar: “ An urgent message from Berlin: The importance of record retention in privacy and cybersecurity ”. Increased regulation and enforcement action. In 2019, we saw regulators put a renewed focus on how long businesses retain personal information. In the U.S.,

Privacy

Privacy Compliance Personal data Risk

NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

Hunton Privacy

JANUARY 24, 2018

On January 22, 2018, the New York Department of Financial Services (“NYDFS”) issued a press release reminding entities covered by its cybersecurity regulation that the first certification of compliance with the regulation is due on or prior to February 15, 2018.

Financial Services

Financial Services Cybersecurity Compliance Insurance

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

On January 24, 2022, the New York Attorney General (AG) announced a settlement with vision-benefits-provider EyeMed Vision Care, Inc., On January 24, 2022, the New York Attorney General (AG) announced a settlement with vision-benefits-provider EyeMed Vision Care, Inc., In total, information for approximately 2.1

Passwords

Passwords Financial Services Authentication Insurance

NYDFS Cybersecurity Regulation to Apply to Consumer Reporting Agencies

Hunton Privacy

JUNE 29, 2018

On June 25, 2018, the New York Department of Financial Services (“NYDFS”) issued a final regulation (the “Regulation”) requiring consumer reporting agencies with “significant operations” in New York to (1) register with NYDFS for the first time and (2) comply with the NYDFS’s cybersecurity regulation.

Cybersecurity

Cybersecurity Financial Services Compliance Privacy

February 15 deadline looms for first DFS Cybersecurity Certification

Data Protection Report

FEBRUARY 8, 2018

February 15, 2018, is quickly approaching and any entity subject to New York’s cybersecurity regulation (23 NYCRR Part 500) must file its first annual certification of compliance with the New York State Department of Financial Services (DFS) by that date.

Cybersecurity

Cybersecurity Financial Services Compliance Insurance

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. The proposed amendments revise several aspects of the draft Cybersecurity Rule amendments released on July 29, 2022. Revised Definition of Class A Companies.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

New York SHIELD Act Requires Safeguards to Protect Private Information

Hunton Privacy

MARCH 24, 2020

On March 21, 2020, the data security provisions of New York’s Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) went into effect. Violations of the SHIELD Act are considered deceptive acts or practices and may be enforced by the New York Attorney General.

Encryption

Encryption Passwords Compliance Risk

Privacy and Cybersecurity October 2018 Events

HL Chronicle of Data Protection

SEPTEMBER 28, 2018

Please join us for our October 2018 Privacy and Cybersecurity Events. It is entitled “ Data Privacy on Steroids: Sweeping New Data Privacy/Security Regulation in the EU and California, and What it Means for American Business. ”. Location : New York City. GDPR Compliance. Location : New York City.

Privacy

Privacy Cybersecurity GDPR Data Privacy

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

Title insurance protects homebuyers from the prospect of someone contesting their legitimacy as the new homeowner. “The rule broadly requires firms involved in securities issuance to have a compliance process in place to assure material information follows securities laws,” Satran wrote. billion last year.

Insurance

Insurance Risk Financial Services Mining

SEC Releases Cybersecurity and Resiliency Observations: A Potentially Useful Guide for Businesses

HL Chronicle of Data Protection

FEBRUARY 6, 2020

In today’s connected world, businesses face constant pressure to improve their cybersecurity practices and to confirm that they are meeting industry standards. Jake Nevola, a Law Clerk in our New York office, contributed to this entry.

Cybersecurity

Cybersecurity Risk Compliance Access

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

This is, in large part, because the complexity of business networks continues to escalate at a time when compliance mandates are intensifying. So people are realizing that identity is having this moment, with identity being the new perimeter.”. Compliance matters. As complexity has intensified, so have compliance challenges.

Digital transformation

Digital transformation Insurance Compliance Healthcare

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

HL Chronicle of Data Protection

OCTOBER 4, 2018

Various provisions under the regulations have been implemented on a staggered implementation timeline since that date. As you finalize your organization’s preparations for compliance, we have highlighted below key aspects of these obligations that come into effect on September 4. a)); and. Final Implementation date March 1, 2019.

Cybersecurity

Cybersecurity Encryption Financial Services Compliance

Privacy and Cybersecurity October 2018 Events

HL Chronicle of Data Protection

SEPTEMBER 28, 2018

Please join us for our October 2018 Privacy and Cybersecurity Events. It is entitled “ Data Privacy on Steroids: Sweeping New Data Privacy/Security Regulation in the EU and California, and What it Means for American Business. ”. Location : New York City. GDPR Compliance. Location : New York City.

Privacy

Privacy Cybersecurity GDPR Data Privacy

Penetration Testing vs. Vulnerability Testing

eSecurity Planet

FEBRUARY 25, 2022

Many cybersecurity audits now ask whether penetration testing is conducted and how vulnerabilities are detected and tracked. For many compliance regimes, an annual penetration test is required, but some organizations may be required to test more frequently. See the top code security and debugging tools. Minimum Requirements.

Phishing

Phishing Compliance Risk Cybersecurity

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. Readers may recall that New York’s security breach notification law (N.Y.

Security

Security Financial Services Passwords Risk

You’re Invited to an In-Person Event: CCPAnow: Understanding the Challenge Ahead and What You Should Be Doing Now

HL Chronicle of Data Protection

APRIL 1, 2019

The groundbreaking California Consumer Privacy Act (CCPA) takes effect on January 1, 2020, and companies are already working on compliance. Join members of the Hogan Lovells Privacy and Cybersecurity team for our CCPA now program, a valuable opportunity to explore the questions that you need to address now in order to be ready.

Sales

Sales Financial Services Privacy Compliance

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Third-Party Risk Management: NY DFS Regulation Compliance

Webinars

Trending Sources

AML, Cybersecurity Noncompliance Costs Coinbase $100M

Webinars

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

New York Publishes FAQs and Key Dates for Cybersecurity Regulation

Transition period under New York Cybersecurity Regulation ends March 1, 2019

$8 million penalty to NYDFS – and another case of over-retention

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

NYDFS finalizes cybersecurity rule amendments

New York Updates Cybersecurity Regulation for Financial Institutions

New York Attorney General Proposes Crypto Regulation, Protection, Transparency, and Oversight (CRPTO) Act

New York State Expected to Increase Enforcement of Cybersecurity Practices

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

NYDFS proposes significant cybersecurity regulation amendments

NAIC Insurance Data Security Law Annual Certifications: Is Yours Due By February 15?

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

NYDFS Settles with Mortgage Company for Data Breach

NYDFS settles cybersecurity regulation matter for $3 million

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

NYDFS settles with EyeMed for $4.5 million

Webinar on Virginia’s Consumer Data Protection Act

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

NYDFS Cybersecurity Regulations: A glimpse into the future

NYDFS settles cybersecurity regulation matter for $1.8 million

Privacy and Cybersecurity October 2018 Events

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

New York Enacts Stricter Data Cybersecurity Laws

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

New York SHIELD Act $600,000 settlement

NYDFS Cybersecurity Regulation to Apply to Consumer Reporting Agencies

February 15 deadline looms for first DFS Cybersecurity Certification

NYDFS Amends Cybersecurity Rules for Financial Services Companies

New York SHIELD Act Requires Safeguards to Protect Private Information

Privacy and Cybersecurity October 2018 Events

First American Financial Pays Farcical $500K Fine

SEC Releases Cybersecurity and Resiliency Observations: A Potentially Useful Guide for Businesses

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

New Obligations Under the NYDFS Cybersecurity Regulation Came Online in September

Privacy and Cybersecurity October 2018 Events

Penetration Testing vs. Vulnerability Testing

New York’s Breach Law Amendments and New Security Requirements

You’re Invited to an In-Person Event: CCPAnow: Understanding the Challenge Ahead and What You Should Be Doing Now

Stay Connected