Tag Archives: NYDFS

New York Department of Financial Services Publishes Proposed Second Amendment to Its Cybersecurity Regulation

Photo of Patrick H. HaggertyPhoto of Vaughn StupartPhoto of Elise ElamBy Patrick H. Haggerty, Vaughn Stupart and Elise Elam on Posted in Cybersecurity
On Nov. 9, 2022, the New York State Department of Financial Services (NYDFS) published a proposed second amendment to its cybersecurity regulation. This follows its pre-proposed amendment that was published on July 29. Our prior analysis of those amendments is available here. NYDFS did consider comments received in response to the pre-proposed amendments, as they … Continue Reading

NYDFS Proposed Amendments to Its Cybersecurity Rules

Photo of Patrick H. HaggertyPhoto of Elise ElamBy Patrick H. Haggerty and Elise Elam on Posted in Cybersecurity
On July 29, the New York Department of Financial Services (NYDFS) released Draft Amendments to its Part 500 Cybersecurity Rules that include a number of significant amendments to the rules, including notification requirements such as a mandatory 24-hour notification for cyber ransom payments, specific requirements for newly defined larger entities, increased expectations for oversight of … Continue Reading

Beware the Ides of March – Is Your NYDFS Cybersecurity Compliance in Order?

Photo of Jonathan A. FormanBy Eulonda Skyles and Jonathan A. Forman on Posted in Cybersecurity, Enforcement
March is now here and with it the Cybersecurity Regulation of the New York Department of Financial Services (NYDFS) is now in full force and effect, including requirements relating to Third Party Service Providers[1] (e.g., vendors, suppliers, agents). To comply with the regulation, banks, insurance companies, and other financial institutions and individuals who are, or … Continue Reading

Insurance Data Security Model Law Picks Up Steam

Photo of Andreas KaltsounisPhoto of Shea M. LeitchBy Andreas Kaltsounis and Shea M. Leitch on Posted in Cybersecurity, State Legislation
Three states recently enacted variations of the National Association of Insurance Commissioner’s (NAIC) Insurance Data Security Model Law (MDL-668), based on the landmark cybersecurity requirements issued by the New York Department of Financial Services (NYDFS) in March 2017. The NYDFS requirements apply to certain banking, insurance and financial service entities licensed in the state of … Continue Reading

New York DFS Updates FAQs to Clarify Applicability of Cybersecurity Regulation

Photo of Melinda L. McLellanPhoto of Jonathan A. FormanBy Melinda L. McLellan and Jonathan A. Forman on Posted in Financial Privacy, State Legislation
With the first compliance deadline now less than two months away, the New York Department of Financial Services (NYDFS) has provided additional clarity concerning its new Cybersecurity Requirements for Financial Services Companies (the “Cybersecurity Regulation”) by publishing an update to previously issued Frequently Asked Questions. We reported on the forthcoming Cybersecurity Regulation in January and … Continue Reading

Finalized New York Department of Financial Services Cybersecurity Regulation to Take Effect March 1

Photo of Melinda L. McLellanPhoto of Jonathan A. FormanBy Melinda L. McLellan and Jonathan A. Forman on Posted in Cybersecurity, Enforcement, Financial Privacy, Information Security
On February 16, 2017, the New York Department of Financial Services (NYDFS) announced the release of its finalized Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulation”), which will take effect on March 1, 2017. This final iteration, issued following an additional 30-day comment period, is in large part the same as the revised version dated … Continue Reading

New York Department of Financial Services Issues Revised Cybersecurity Regulations

Photo of Melinda L. McLellanPhoto of Jonathan A. FormanBy Melinda L. McLellan and Jonathan A. Forman on Posted in Cybersecurity, Enforcement, Financial Privacy
With the clock ticking down to the new year, on December 28, 2016, the New York State Department of Financial Services (NYDFS) released highly anticipated revisions to its proposed Cybersecurity Requirements for Financial Services Companies (the “Proposal”). As we previously reported, the NYDFS first announced the proposed regulations in September; at that time, they were … Continue Reading

New York Department of Financial Services Proposes First Rule of Its Kind for Financial Institutions

By Kathryn Mellinger and Suchismita Pahi on Posted in Financial Privacy
In November, we reported on a proposal by the New York Department of Financial Services (NYDFS) for an extensive cybersecurity framework for its regulated financial institutions. Recently, Governor Cuomo announced a proposed rule requiring banks, insurance companies and other financial services institutions regulated by the NYDFS to establish and maintain a strong cybersecurity program. These … Continue Reading

Deeper Dive: Plan for Regulatory Scrutiny in Financial Services Data Security Incidents

Photo of Gerald J. FergusonBy Gerald J. Ferguson and Jenna N. Felz on Posted in Cybersecurity, Financial Privacy
Financial services industry companies were involved in 18% of the over 300 data security incidents we helped manage in 2015, and reported in our 2016 BakerHostetler Data Security Incident Response Report (the “Report”). After healthcare, the financial services industry was the second most affected industry according to the data we reported. It is not surprising … Continue Reading

Data Security in the Financial Industry: Five Key Developments to Keep An Eye on in 2016

By Jenna N. Felz on Posted in Financial Privacy
According to a 2015 report on threats to the financial services sector, 41% of financial services organizations polled had experienced a data breach or failed a compliance audit in the previous year, and 57% listed preventing a data breach as their top IT priority.  Reflecting the ever-increasing awareness of threats to financial data security, 2015 … Continue Reading

New York Department of Financial Services Sets Forth Extensive Cybersecurity Regulatory Framework Proposal

By Suchismita Pahi and Kathryn Mellinger on Posted in Cybersecurity, Information Security, State Legislation
On November 9, 2015, the New York State Department of Financial Services (NYDFS) issued a letter to the members of the Financial and Banking Information Infrastructure Committee (FBIIC) detailing a new cybersecurity framework proposal for “covered entities,” or financial institutions regulated by NYDFS. The framework builds on data from NYDFS reports surveying cybersecurity programs from … Continue Reading
LexBlog