Featured

Turning Bad Breach Response Up to 11: Uber Shows Us What (Else) to Avoid in Response to a Breach

At the recent 2017 GreyCastle Cybersecurity Symposium: Generation Cyber, I had the pleasure of presenting the “Top 10 Legal Pitfalls to Avoid in Relation to a Data Breach.”

Cybersecurity Regulations Can Move at Lightning Speed; Don’t Get Burned!

As we have noted previously on the new DFS cybersecurity regulations, 23 N.Y.C.R.R. Part 500, the regulatory process is—by definition—vastly more swift and adaptable than the legislative process. What may get bogged down in legislative committee for months or years can be hammered out in a matter of days in the administrative state.

What does the Equifax breach mean to your organization? Quite a lot, actually.

The sheer size of the recent Equifax breach—affecting nearly half of all Americans and potentially more than half of those over 18—is staggering. It is the nature of the breach, however, and the type of information taken, that gives the greatest pause.

The Risk in Conducting Your Risk Assessment

Few things have upended the world of cybersecurity regulation in the United States recently more than the new cybersecurity regulations issued by the New York State Department of Financial Services (“DFS”) in March of this year. Found in 23 N.Y.C.R.R. Part 500, these new regulations are sweeping in scope and reach far beyond the financial services sector in New York, affecting entities that support that sector as well as a number of other entities that may not have thought of themselves as governed, even in part, by DFS.

The Dangers of Regulatory Creep - Do New York DFS Cybersecurity Regulations Apply to Federally Chartered Financial Institutions?

In February 2017, the New York State Department of Financial Services (“DFS”) finalized a new set of cybersecurity regulations that governs New York’s banking, insurance, and financial services industries. Entities in those industries are required to develop and implement cybersecurity programs tailored to their individual risk levels. See Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. § 500.02.
