On October 22, 2021, the New York Department of Financial Services (“NYDFS”) issued an interpretive letter that provides guidance on how entities regulated by NYDFS (“Covered Entities”) may comply with the NYDFS Cybersecurity Regulation by adopting the cybersecurity program of an affiliate (“Affiliate Program Letter”).1 According to the Affiliate Program Letter, a Covered Entity
Lawrence R. Hamilton
Breaking Down Blockchain: Implications of Blockchain Technology for the Insurance Industry
As the decade comes to a close, new technologies are having a major impact on how insurance industry participants conduct their operations – especially how they collect, process, analyze, store and disseminate vast amounts of data – as well as how they interact with those with whom they do business. In recent years, blockchain technology…
Keeping It Private: GDPR and Developments in Data Privacy in 2018
By any measure, 2018 was a major year for data privacy regulation. The most significant regulatory development in this area was the European Union’s General Data Privacy Regulation (“GDPR”), which went into effect on May 25, 2018 and establishes what is probably the most rigorous data protection regime currently in existence. As adopted, GDPR includes…
5 Considerations for General Counsels Regarding the New York Cybersecurity Regulations
The cybersecurity regulation (“CyberRegs”) adopted by the New York State Department of Financial Services (“NYDFS”) is almost two years old and will be fully in effect by March 2019. The CyberRegs has already had a broad impact on financial institutions that are authorized to engage in business in New York (“Covered Entities”). Furthermore, even for…
Cybersecurity and Data Privacy: Navigating a Constantly Changing Landscape
The cybersecurity and data privacy landscape continues to change, creating significant new risks for businesses across economic sectors. New types of litigation are emerging, new regulatory regimes are entering into force, and new laws promise yet further compliance challenges in the future. At the same time, a wide range of threat actors are launching more…
NAIC Adopts Insurance Data Security Model Law
On October 24, 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. The NAIC Model Law builds on existing data privacy and consumer breach notification requirements by requiring insurance licensees to comply with detailed requirements regarding their information security program and responding to and giving notification of cybersecurity events.…
Staying Ahead of the Curve: Cybersecurity and Data Privacy–Hot Topics for Global Businesses
Cyber threats continue to evolve, and data privacy considerations continue to grow more complex. Whether defending against global ransomware campaigns or adjusting to new legal regimes governing international data transfers, companies of all sizes today face unprecedented cybersecurity and data privacy challenges.
Our practical guide, Staying Ahead of the Curve: Cybersecurity and Data Privacy—Hot Topics…
The New York State DFS Cybersecurity Regulation: Preparing for Compliance
Bylined article by Financial Services Regulatory & Enforcement partner Jeffrey Taft (Washington DC), Corporate & Securities partner Larry Hamilton (Chicago), Cybersecurity & Data Privacy partner Stephen Lilley (Washington DC) and Financial Services Regulatory & Enforcement associate Matthew Bisanz (Washington DC).
Cybersecurity: NY Adopts Final Regulations for Banks, Insurance Businesses and Other Financial Services Institutions
…
New York Releases Proposed Cybersecurity Regulations Affecting Banks, Insurers and Other Financial Services Firms
The New York State Department of Financial Services (“DFS”) on September 13, 2016, proposed regulations, to be effective as of January 1, 2017, that would mandate cybersecurity standards for any entity authorized by DFS to operate in New York, including certain banks and insurance companies doing business in New York. The proposed “Cybersecurity Requirements…