Data Security

NYDFS Issues Guidance on Multi-Factor Authentication

December 14, 2021 By Kim Peretti, Kate Hanniford and Kristen Bartolotta

The New York Department of Financial Services (NYDFS) continues to refine its position regarding the importance of and requirements regarding Multi-Factor Authentication (MFA), as evidenced most recently with the release of new guidance. This new guidance is consistent with its June guidance, in which NYDFS clarified its expectation that NYDFS-regulated covered entities subject to 500.12 […]

China’s Initial Draft Regulations on the Management of Online Data Security: Important Takeaways

December 2, 2021 By Kim Peretti, Yin Zhao and Lance Taubin

On November 14, 2021, the Cyberspace Administration of China (CAC) released draft Regulations on the Management of Online Data Security (the “Regulations”) for China’s data privacy and security laws, including the Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL). Consistent with such laws, the Regulations broadly apply to processing […]

Federal Bank Regulatory Agencies Release Final Rule to Require Notification of Cyber Incidents

November 22, 2021 By Kate Hanniford and Kristen Bartolotta

On November 18, 2021, the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation jointly announced the approval of a final rule to improve the sharing of information about cyber incidents that may affect the U.S. banking system. The rule applies to […]

FTC Revises the Safeguards Rule and Proposes Mandatory Reporting of Cybersecurity Events

November 1, 2021 By Kathleen Benway, Kim Peretti and Kate Hanniford

On October 27, 2021, the FTC released its much-anticipated final revisions to the Gramm-Leach-Bliley Safeguards Rule (Safeguards Rule or Final Rule), following a 3-2 vote along party lines and also released a notice of proposed rulemaking that would require reporting to the FTC of certain cybersecurity events. Revisions to the Safeguards Rule Effective since 2003, […]

Department of Justice Announces New Civil Fraud Cybersecurity Enforcement Team

October 7, 2021 By Kellen Dwyer, Kim Peretti and Jon Knight

On October 6, 2021, Deputy Attorney General Lisa O. Monaco announced the launch of the Department of Justice’s Civil Cyber-Fraud Initiative. The Department plans to use civil enforcement tools to “pursue…those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards.” Stating the Department will pursue “very hefty fines,” […]