News & Analysis as of

Covered Entities Cybersecurity Reporting Requirements

Davis Wright Tremaine LLP

Deadline Approaching: Covered Entities Must File Certifications of Compliance With Amended NYDFS Cyber Regulation by April 15

In November 2023, the New York Department of Financial Services (NYDFS) issued its second amendment to its "Cybersecurity Requirements for Financial Services Companies (the Cybersecurity Regulation or Part 500). This was the...more

Ogletree, Deakins, Nash, Smoak & Stewart,...

Reminder: New York Cybersecurity Reporting Deadline April 15, 2025; New Regulations Effective May 1, 2025

Covered entities regulated by the New York State Department of Financial Services (NYDFS) must submit cybersecurity compliance forms by April 15, 2025. New sets of requirements for system monitoring and access privileges,...more

Katten Muchin Rosenman LLP

NYDFS Annual Compliance Submissions Due April 15, 2025 and New Compliance Requirements Effective on May 1, 2025

As we previously reported, in 2023 the New York State Department of Financial Services (NYDFS) amended its cybersecurity regulation, 23 NYCRR 500 (or Part 500). As of November 1, 2024, Class A Companies and Covered Entities...more

Orrick, Herrington & Sutcliffe LLP

NYDFS reminds covered entities to submit notifications by April 15

On February 27, NYDFS reminded covered entities subject to the Cybersecurity Regulation to submit their annual compliance notifications for the 2024 calendar year. Covered entities must submit the compliance filing by April...more

Vinson & Elkins LLP

Proposed Cybersecurity Regulation Uncertain Under Trump Administration

Vinson & Elkins LLP on

Proposed cybersecurity regulation may face changes or challenges in view of the incoming Trump administration that is intent on reducing the perceived regulatory burden on American companies and streamlining government...more

Eversheds Sutherland (US) LLP

AI at the gate: NYDFS issues guidance on addressing new AI-driven cybersecurity risks under existing cybersecurity requirements

On October 16, 2024, the New York State Department of Financial Services (DFS) issued an industry letter providing guidance on how DFS-regulated entities (covered entities) should be evaluating and responding to artificial...more

Bradley Arant Boult Cummings LLP

Mandatory Cybersecurity Incident Reporting: The Dawn of a New Era for Businesses

A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the...more

Skadden, Arps, Slate, Meagher & Flom LLP

SEC Amends Reg S-P To Strengthen Data Breach Response Requirements and Protect Investor Information

On May 16, 2024, the Securities and Exchange Commission (SEC) announced the adoption of amendments to Regulation S-P (Reg S-P), which broadly track the changes originally proposed in March 2023. The revised Reg S-P requires...more

WilmerHale

8 Questions To Ask Before Final CISA Breach Reporting Rule

WilmerHale on

On April 4, the Cybersecurity and Infrastructure Security Agency published a notice of proposed rulemaking setting out mandatory reporting requirements for covered entities that experience cybersecurity incidents or make...more

Bass, Berry & Sims PLC

CISA Publishes Proposed Rule for Cyber Reporting

Bass, Berry & Sims PLC on

On April 4, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published its much-anticipated Notice of Proposed Rule Making for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA)....more

Jones Day

CISA Releases Proposed Cyber Incident and Ransom Payment Reporting Rules to Implement CIRCIA

Jones Day on

CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...more

Pillsbury Winthrop Shaw Pittman LLP

New CISA Rule Would Require Widespread Cyber Incident Reporting, Updated Timelines and Penalties for Critical Infrastructure...

Most businesses in the United States will have to file incident reports—including for ransomware payments—under the Proposed Rule. The Department of Homeland Security has the authority to issue subpoenas and even penalties...more

Schwabe, Williamson & Wyatt PC

Comments Sought on Proposed Requirements of the Cyber Incident Reporting for Critical ‎Infrastructure Act

On March 15, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law. Generally, CIRCIA requires “covered entities,” defined as entities in certain critical infrastructure sectors, to...more

Venable LLP

CIRCIA: Cyber Incident Reporting for Practically Everyone?

Venable LLP on

A sweeping array of businesses are another step closer to requirements to report cybersecurity incidents and ransomware payments to the federal government. On April 4, 2024, the U.S. Department of Homeland Security's (DHS)...more

Jenner & Block

Client Alert: CISA Announces Proposed Cyber Incident Reporting Rule

Jenner & Block on

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), an operational component of the Department of Homeland Security (DHS), posted for public inspection its long-anticipated notice of proposed...more

McGlinchey Stafford

New York Cybersecurity Regulation Amended and Expanded

McGlinchey Stafford on

On November 1, 2023, the New York Department of Financial Services (NYDFS) adopted amendments to its Cybersecurity Regulation, 23 NYCRR Part 500 (Cybersecurity Regulation). This is the second amendment (Amendment) to its...more

Paul Hastings LLP

New NYDFS Part 500 Requirements Continue to Become Effective

Paul Hastings LLP on

New reporting obligations for covered entities under New York Department of Financial Services (NYDFS) Part 500 Cybersecurity Regulations went into effect on December 1, 2023. These new requirements are one portion of the...more

BakerHostetler

New York Department of Financial Services Publishes Proposed Second Amendment to Its Cybersecurity Regulation

BakerHostetler on

On Nov. 9, 2022, the New York State Department of Financial Services (NYDFS) published a proposed second amendment to its cybersecurity regulation. This follows its pre-proposed amendment that was published on July 29. ...more

Perkins Coie

CISA Seeks Input on New Cybersecurity Reporting Requirements

Perkins Coie on

President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) on March 15, 2022. The background and contours of CIRCIA are discussed in a previous update. CIRCIA authorizes and...more

BakerHostetler

NYDFS Proposed Amendments to Its Cybersecurity Rules

BakerHostetler on

​​​​​​​On July 29, the New York Department of Financial Services (NYDFS) released Draft Amendments to its Part 500 Cybersecurity Rules that include a number of significant amendments to the rules, including notification...more

BCLP

Cyber Incident Reporting for Critical Infrastructure Act - What Companies Need to Know Now

BCLP on

The Cyber Incident Reporting for Critical Infrastructure Act (“CIRCIA” or “the Act”) is a new federal law, adopted in March 2022, which requires critical infrastructure entities to report certain cybersecurity incidents and...more

Sheppard Mullin Richter & Hampton LLP

Cybersecurity Act Signed Into Law Creates New Reporting Obligations

President Biden recently signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 as a part of a larger omnibus appropriations bill.  The new law sets out mandatory reporting requirements for...more

Foster Garvey PC

New Reporting Requirements for Critical Infrastructure and Businesses

Foster Garvey PC on

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 ("the Act") was signed into law by the President on March 15, 2022, as part of the Consolidated Appropriations Act. The purpose of the Act is to educate...more

NAVEX

Strengthening American Cybersecurity Act of 2022

NAVEX on

On March 1st, the United States Senate passed a historic cybersecurity bill with bipartisan and unanimous support. This bill impacts operators of federal infrastructure and federal civilian agencies. The Strengthening...more

Robinson+Cole Data Privacy + Security Insider

Yearly Data Breach Reporting Due to OCR by February 29

Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500...more

34 Results
 / 
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide