In early March, the New York Department of Financial Services (NYDFS) announced a settlement involving a $1.5M penalty and mandatory remediation in response to a mortgage lender’s alleged failure to report a cyber breach, and other alleged cybersecurity failures. This enforcement action marks the second public enforcement action under 23 NYCRR Part 500 (the “Cybersecurity […]
Search Results for: NYDFS
NYDFS Issues Best Practices for Cyber Insurance Risk Management
Against the backdrop of the disruptions associated with the Covid-19 pandemic and SolarWinds cyber-espionage campaign, NYDFS has released guidance for insurers that underwrite cyber insurance policies and which contains a number of provisions expected to impact companies applying for or renewing cyber insurance coverage, not the least of which is a specific recommendation that insurers […]
The NYDFS Brings First Enforcement Action under the Cybersecurity Regulation
On Tuesday, July 21, 2020, the New York Department of Financial Services (the “NYDFS”) brought its first enforcement action under its Cybersecurity Regulation (the “Regulation”) against a large title insurer (the “Company”) for failing to protect sensitive personal information. The NYDFS is seeking civil monetary penalties, an order requiring the Company to remedy the alleged […]
In Response to Covid-19, NYDFS Delays while CA AG Declines to Change CCPA Timing
According to a report from the International Association of Privacy Professionals, the California Attorney General has confirmed that enforcement of the California Consumer Privacy Act (CCPA) will not be delayed due to the Covid-19 pandemic. “We’re committed to enforcing the law as early as July 1,” said a representative of the Attorney General’s office according […]
NYDFS Cybersecurity Regulations Nearly Fully Effective
The February 15, 2019 NYDFS compliance certification deadline represents the last annual compliance certification subject to the transition period for covered entities to come into compliance with the cybersecurity regulations. NYDFS now expects covered entities to certify as to their compliance with all but one provision of the cybersecurity regulations which relates to the implementation […]