Navigating the NYDFS' Cybersecurity Guidance on AI — The Consumer Finance Podcast
Will Resiliency Carry the Digital Asset Sector Through 2024: State-Level Developments — The Crypto Exchange Podcast
Climate Risk, the emerging risk
The NYDFS Updates Its Stringent Cybersecurity Regulations. Is This a Bellwether of Coming Industry Change? - The Consumer Finance Podcast
How the New York Department of Financial Services (DFS) Regulates Virtual Currency, a Close Look with Special Guest Kaitlin Asrow, Executive Deputy Superintendent of Research and Innovation, DFS
Compliance Into The Weeds - DFS Fines Carnival Cruise Lines for Cyber Failures
Compliance into the Weeds: DFS First Cyber Case-First American Title
Videocast: Asset management regulation in 2020 videocast series – Regulators step up pressure to implement LIBOR transition plans
Your Cyber Minute: State influences bring a new dawn of cyber regulations
Your Cyber Minute: Compliance with the Proposed NYDFS Cybersecurity Regulation
Your Cyber Minute: Harriet Pearson and Greg Lisa on the Proposed NYDFS Cyber Security Regulation
As part of a multiyear rollout, the New York Department of Financial Services (NYDFS) has established May 1, 2025, and November 1, 2025, as effective dates for certain amendments to its cybersecurity regulations. These...more
Our Privacy, Cyber & Data Strategy Team highlights the increasingly specific cybersecurity controls identified by regulators, explains why these enhanced cybersecurity controls have become the focus of regulators, and shares...more
In November 2023, New York State's Department of Financial Services (NYDFS) amended its cybersecurity regulation, Part 500. This legal alert provides an update for Covered Entities and Class A Businesses on the current NYDFS...more
On April 3, 2025, the New York State Department of Financial Services (“DFS”) issued reminders about upcoming implementation and reporting deadlines related to its cybersecurity regulations. Upcoming deadlines require...more
In November 2023, the New York Department of Financial Services (NYDFS) issued its second amendment to its "Cybersecurity Requirements for Financial Services Companies (the Cybersecurity Regulation or Part 500). This was the...more
Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe....more
Covered entities regulated by the New York State Department of Financial Services (NYDFS) must submit cybersecurity compliance forms by April 15, 2025. New sets of requirements for system monitoring and access privileges,...more
Businesses that are subject to the NYDFS Cybersecurity Regulations have four weeks left to submit their annual notices of compliance or acknowledge their noncompliance. When the regulations were amended in 2023, several of...more
Welcome to the “Data Privacy and Cybersecurity” chapter of our annual report, Consumer Financial Services: 2024 Year in Review. Consumer financial services regulators are taking a keen interest in artificial intelligence...more
As we previously reported, in 2023 the New York State Department of Financial Services (NYDFS) amended its cybersecurity regulation, 23 NYCRR 500 (or Part 500). As of November 1, 2024, Class A Companies and Covered Entities...more
Financial firms doing business in New York should be mindful of a recent e-blast sent by the state’s financial regulator concerning cybersecurity requirements that become effective in less than two months. The New York...more
On February 27, NYDFS reminded covered entities subject to the Cybersecurity Regulation to submit their annual compliance notifications for the 2024 calendar year. Covered entities must submit the compliance filing by April...more
The New York State Department of Financial Services recently announced that it has entered into a consent order with PayPal, Inc. for violations of the NYDFS Cybersecurity Regulation. The consent order, under which PayPal has...more
Keypoint: New York has amended its data breach notification law twice in the last 60 days to (1) add a 30-day deadline for notifying affected residents, (2) clarify that covered financial entities must still notify the New...more
On February 14, the Governor of New York signed into law SB 804 (the “Act”), which amends the general business law concerning when and how notifications for data breaches are provided to the New York Department of Financial...more
On January 23, 2025, PayPal settled an enforcement action brought by the New York State Department of Financial Services (NY DFS) for failing to comply with cybersecurity regulations required for financial services businesses...more
In 2024, financial sector regulators prioritized cybersecurity issues impacting financial institutions and the public. Key U.S. federal agencies—including the Securities and Exchange Commission, Federal Trade Commission, and...more
On January 23, 2025, the New York Department of Financial Services (DFS) announced that it reached a $2,000,000 settlement as part of a broader consent order with a peer-to-peer payment platform (“P2P”) about its...more
The year 2024 witnessed significant developments in the legal landscape governing artificial intelligence (AI). Three states passed comprehensive AI legislation, with others passing multiple laws that regulate certain AI...more
On December 24, 2024, New York Governor Kathy Hochul signed into law amendments to New York’s private-sector data breach notification law (General Business Law § 899-aa) and government agency data breach notification law (New...more
In December 2024, New York Governor Kathy Hochul signed into law two bills (A8872A and S2376B; collectively, the “Bills”) that amend New York’s Data Breach Notification Law. The Bills introduce a maximum thirty-day timeframe...more
Remote worker fraud is expected to continue to proliferate in 2025. Fully remote hiring and work, particularly in the technology sector, continues to pose unique business and legal risks for companies. Just in December 2024,...more
On December 21, 2024, New York Gov. Kathy Hochul signed into law S2659-B/A8872-A, which, effective immediately, changed timing requirements for notice under New York’s data breach notification law and expanded the list of...more
2024 saw continued expansion of laws, regulations and enforcement actions concerning privacy and data security. With no overarching federal privacy law, states continue to expand their enforcement. Four new comprehensive...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more