The New York State Department of Financial Services (NYDFS) adopted comprehensive amendments to its cybersecurity regulation on Nov. 1, 2023. The amended regulation, including the notification provisions of §500.17, goes into...more
The New York State Department of Financial Services (NYDFS) recently published a revised proposed second amendment to its cybersecurity regulation, 23 NYCRR 500. ...more
9/11/2023
/ Chief Information Security Officer (CISO) ,
Cybersecurity ,
Duty of Oversight ,
Financial Institutions ,
Financial Services Industry ,
Internal Controls ,
NIST ,
NYDFS ,
Proposed Amendments ,
Risk Assessment ,
Security and Privacy Controls ,
Security Risk Assessments
On Nov. 9, 2022, the New York State Department of Financial Services (NYDFS) published a proposed second amendment to its cybersecurity regulation. This follows its pre-proposed amendment that was published on July 29. ...more
On July 29, the New York Department of Financial Services (NYDFS) released Draft Amendments to its Part 500 Cybersecurity Rules that include a number of significant amendments to the rules, including notification...more
8/9/2022
/ Business Continuity Plans ,
Comment Period ,
Covered Entities ,
Cybersecurity ,
Disaster Preparedness ,
Extortion ,
Financial Institutions ,
Financial Services Industry ,
Incident Response Plans ,
Notice Requirements ,
NYDFS ,
Popular ,
Proposed Amendments ,
Ransomware ,
Reporting Requirements ,
Technology ,
Training Requirements
On Aug. 29, 2019, the Maryland Insurance Administration (MIA) issued Bulletin 19-14. The purpose of the bulletin is to inform insurers, nonprofit health service plans, health maintenance organizations, managed care...more
A company’s ability to quickly and efficiently conduct a forensic investigation is critical to limiting the impacts of a data security incident and determining the scope of the incident.
In BakerHostetler’s 2017 Data...more
Last year we saw an unprecedented number of companies of all sizes fall victim to a W-2 spear phishing scam. The scam usually began with a “spoofing” email that appeared to have been sent by a company’s CEO or CFO to one or...more
The HHS Office for Civil Rights (OCR) published an alert on November 28 describing a phishing email being circulated on mock HHS departmental letterhead under the signature of OCR Director Jocelyn Samuels. The email prompts...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published an alert on Nov. 28 describing a phishing email being circulated on mock HHS departmental letterhead under the signature of OCR...more
The Federal Communications Commission (FCC) has had a busy 2015, and its presence in the data security regulatory enforcement space will likely continue to grow. Last year, the FCC named Travis LeBlanc as chief of the...more
Almost all U.S. states and territories have enacted breach notification laws requiring private and/or government entities to notify individuals when their personal information is compromised....more
9/23/2015
/ Benefit Plan Sponsors ,
Breach Notification Rule ,
Captive Insurance Company ,
Compliance ,
Cyber Attacks ,
Cyber Crimes ,
Data Breach ,
Hackers ,
Health Insurance ,
Healthcare ,
Insurance Industry ,
Life Insurance ,
Personally Identifiable Information ,
Popular ,
Property Insurance
On November 19, 2014, the Securities and Exchange Commission (SEC) unanimously voted to adopt Regulation Systems Compliance and Integrity (Reg SCI), which will govern the technology infrastructure of the U.S.’s securities...more
On November 5, 2014, the Chairman of the Commodity Futures Trading Commission, Timothy G. Massad, gave keynote remarks at the Futures Industry Association Expo 2014.
Part of Chairman Massad’s remarks focused on the...more