Privacy & Cyber Regulatory Enforcement

NY DFS Releases Revised Proposed Second Amendment of its Cybersecurity Regulation

July 11, 2023 By Kim Peretti, Kate Hanniford, Ashley Miller and Lance Taubin

The New York Department of Financial Services (“NY DFS”) published an updated proposed Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500) in the New York State Register on June 28, 2023, updating its previous proposed Second Amendment, which was published November 9, 2022. While the language proposed is largely similar to the previous […]

SEC’s Proposed Cybersecurity Rules Delayed Yet Again

July 6, 2023 By Kim Peretti and Lance Taubin

On June 13, 2023, the Securities and Exchange Commission (“SEC”) published its Spring 2023 rulemaking agenda that delayed finalizing the proposed Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public companies and proposed rule on Cyber Risk Management for Investment Advisers, Registered Investment Companies and Business Development Companies until at least October 2023. […]

NYDFS Penalizes bitFlyer $1.2 Million for Violations to Cybersecurity Regulation

May 13, 2023 By Kim Peretti, Kate Hanniford, Lance Taubin and Ashley Miller

On May 1, 2023, bitFlyer USA, Inc. (“bitFlyer”) entered into a Consent Order with the New York Department of Financial Services (“DFS”) for multiple deficiencies in bitFlyer’s cybersecurity program, most notably for failure to conduct periodic risk assessments to sufficiently inform the design of bitFlyer’s cybersecurity program (as required by 23 NYCRR § 500.09(a)). BitFlyer […]

China’s Standard Contractual Clauses for Cross-Border Transfers of Personal Information

April 3, 2023 By Kim Peretti and Lance Taubin

On February 24, 2023, the Cyberspace Administration of China (“CAC”) released its final version of the Standard Contract Measures for Exporting Personal Information (“Standard Contract Measures”), accompanied by a template contract outlining the standard contractual clauses (the “PIPL SCCs”). The Standard Contract Measures are effective June 1, 2023, however, organizations transferring personal information outside of […]

HHS and FTC Expanding Technology, Privacy, and Cybersecurity Divisions

March 23, 2023 By Sara Pullen

In recent weeks, FTC and HHS have announced expansion of the operational areas of their organizations that are dedicated to enforcement of laws and regulations related to technology, privacy, and cybersecurity. On February 17, 2023, the FTC announced the creation of a new Office of Technology in order to “strengthen the FTC’s ability to keep […]