Global Privacy and Cybersecurity Law Updates and Analysis
On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.
The NYDFS, which regulates financial institutions including insurance companies, mortgage brokers and banks, adopted the original Cybersecurity Regulation in 2017. The new amendments strengthen the initial framework and require NYDFS-regulated entities to adhere to a number of additional prescriptive data security requirements, including adopting controls to prevent unauthorized access to information systems, conducting more regular risk assessments, maintaining robust incident response planning procedures, and adhering to updated notification requirements, such as the new requirement to report ransomware extortion payments to NYDFS within 24 hours of the payment.
The amended Cybersecurity Regulation will take effect in phases. Regulated entities generally have until April 29, 2024 to comply with the amended Regulation. Notably, however, the new reporting requirements will take effect sooner, on December 1, 2023. For certain other requirements, regulated entities will have between one and two years to reach compliance. Specific compliance dates can be found on the NYDFS Cybersecurity Resource Center website.
In the coming weeks, NYDFS will host an upcoming series of training sessions on the amended Cybersecurity Regulation to help regulated entities plan for compliance.
Hunton Andrews Kurth’s Privacy and Cybersecurity practice helps companies manage data at every step of the information life cycle. The firm is a leader in its field and for the fourth consecutive year has been ranked by Computerworld magazine in a survey of more than 4,000 corporate privacy leaders as the top law firm globally for privacy and data security. Chambers and Partners also rated Hunton Andrews Kurth the top privacy and data security practice in its Chambers Global, Chambers USA and Chambers UK guides.
Hunton Andrews Kurth’s award-winning Privacy & Information Security Law Blog is among the top-ranked legal blogs.
Related Posts
After 6 months and little explanation, Norton Healthcare patients, employees still feeling effects of cyber attack – WDRB
Spotty shower possible. Storms after midnight Updated: April 16, 2024 @ 12:31 pmNorton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to…
Read more
CA's top cybersecurity job has been vacant for almost 2 years – CalMatters
Technology Californians get hacked all the time. The state’s top cybersecurity job is vacant In summaryGov. Newsom has yet to appoint a commander who is tasked with informing businesses and…
Read more
13 Cyber Security Measures Your Small Business Must Take – Tech.co
Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn MoreCybersecurity has been important to…
Read more
AVG Antivirus Free review – Ghacks
AVG AntiVirus Free is a longstanding security program for Microsoft Windows that protects computer systems from viruses, trojans and other malicious code.One interesting fact about AVG is that it maintains…
Read more
Vlog Episode #247: Chris Long on Improving Technical SEO Skills & Playing Offense SEO – Search Engine Roundtable
In part one, we learned about Chris Long and his experience working with Bill Slawski. Then, in part two, we spoke about helping people with SEO on LinkedIn and using…
Read more
Information Security Vs. Cybersecurity: What's The Difference? – Forbes
Information Security Vs. Cybersecurity: What’s The Difference? Forbessource
Read more