Search Results for: NYDFS

The NYDFS Brings First Enforcement Action under the Cybersecurity Regulation

July 27, 2020 By Kim Peretti and Dorian Simmons

On Tuesday, July 21, 2020, the New York Department of Financial Services (the “NYDFS”) brought its first enforcement action under its Cybersecurity Regulation (the “Regulation”) against a large title insurer (the “Company”) for failing to protect sensitive personal information. The NYDFS is seeking civil monetary penalties, an order requiring the Company to remedy the alleged […]

In Response to Covid-19, NYDFS Delays while CA AG Declines to Change CCPA Timing

April 7, 2020 By Privacy, Cyber & Data Strategy Team

According to a report from the International Association of Privacy Professionals, the California Attorney General has confirmed that enforcement of the California Consumer Privacy Act (CCPA) will not be delayed due to the Covid-19 pandemic. “We’re committed to enforcing the law as early as July 1,” said a representative of the Attorney General’s office according […]

NYDFS Cybersecurity Regulations Nearly Fully Effective

February 15, 2019 By Kate Hanniford

The February 15, 2019 NYDFS compliance certification deadline represents the last annual compliance certification subject to the transition period for covered entities to come into compliance with the cybersecurity regulations. NYDFS now expects covered entities to certify as to their compliance with all but one provision of the cybersecurity regulations which relates to the implementation […]

NYDFS Cybersecurity Requirements Compliance Deadline Nears for Key Provisions

August 16, 2018 By Kate Hanniford

September 4, 2018 marks the end of the transitional period for covered entities to comply with several key provisions of the NYDFS Cybersecurity Requirements that require certain systemic and sustained measures. These provisions include the encryption and audit trail requirements as well as ones relating to the implementation of monitoring policies, procedures, and controls, application […]

FTC Announces Proposed Settlement with GoDaddy Incorporating Prescriptive Cybersecurity Requirements

January 21, 2025 By Kim Peretti, Lance Taubin and Carson Kuck

On January 15, 2025, the Federal Trade Commission (FTC) announced a proposed settlement with GoDaddy Inc. (GoDaddy) for making false or misleading representations about their security practices in violation of Section 5 of the FTC Act. GoDaddy, a website hosting company, serves approximately 5 million customers. In the complaint, the FTC indicated that although GoDaddy […]