Businesses that are subject to the NYDFS Cybersecurity Regulations have four weeks left to submit their annual notices of compliance or acknowledge their noncompliance. When the regulations were amended in 2023, several of...more
Keypoint: New York has amended its data breach notification law twice in the last 60 days to (1) add a 30-day deadline for notifying affected residents, (2) clarify that covered financial entities must still notify the New...more
2/25/2025
/ Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
NYDFS ,
Privacy Laws ,
Reporting Requirements ,
State Privacy Laws
Keypoint: The New York State Department of Financial Services (NYDFS) issued an industry letter outlining the threats posed to U.S. companies who hire remote technology workers linked to North Korea and may embezzle funds...more
11/5/2024
/ Due Diligence ,
Electronic Monitoring ,
Embezzlement ,
Employee Training ,
FBI ,
Financial Institutions ,
Hiring & Firing ,
Industry Letters ,
Information Technology ,
North Korea ,
NYDFS ,
Remote Working ,
US Department of State
Keypoint: The New York Department of Financial Services (NYDFS) circulated an industry letter offering guidance to NYDFS “Covered Entities” for assessing and managing AI-related cybersecurity risks, including threats...more
Key Point: The Federal Trade Commission (FTC) has amended the Safeguards Rule to require non-banking financial institutions to inform the FTC within 30 days of discovering any unauthorized acquisition of unencrypted customer...more
10/31/2023
/ Amended Rules ,
Board of Governors ,
Breach Notification Rule ,
Cyber Incident Reporting ,
Data Breach ,
Data Security ,
Dodd-Frank ,
FDIC ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
GLBA Privacy ,
Gramm-Leach-Blilely Act ,
Non-Public Information ,
NYDFS ,
OCC ,
Safeguards Rule ,
Securities and Exchange Commission (SEC)
Keypoint: New York’s Division of Financial Services (DFS) now requires Property and Casualty Insurers writing cyber insurance to comply with the Division’s Cyber Insurance Risk Framework to manage their risk.
In her...more
3/9/2021
/ California Consumer Privacy Act (CCPA) ,
Casualty Insurance ,
Civil Monetary Penalty ,
Cyber Crimes ,
Cyber Insurance ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
Insurance Litigation ,
Law Enforcement ,
NYDFS ,
Office of Foreign Assets Control (OFAC) ,
Policy Terms ,
Property Insurance ,
Ransomware ,
Risk Assessment ,
Risk Management ,
Third-Party Service Provider
Key Point: The New York Attorney General’s Office (NYAG) reached a Consent and Stipulation Agreement with Dunkin’ Brands, Inc. (Dunkin), which obligates the company to implement and maintain a comprehensive information...more
9/23/2020
/ Attorney General ,
California Consumer Privacy Act (CCPA) ,
Consumers ,
Cyber Attacks ,
Data Breach ,
Data Security ,
Dunkin' Donuts ,
Federal Trade Commission (FTC) ,
Hackers ,
Misleading Statements ,
New York ,
NYDFS ,
Perks ,
SHIELD Act ,
Zoom®