Kimberly Kiefer Peretti on NYDFS

Board Oversight and Cyber Breach Response: What Involvement Strikes the Right Balance?

New regulations continue to push boards in the direction of active engagement in their cyber oversight role, including breach response. But, how can boards strike the right balance in their oversight role during a significant...more

4/10/2024 / Compliance , Cyber Attacks , Cyber Incident Reporting , Cybersecurity , Data Breach , Incident Response Plans , NYDFS , Regulatory Oversight , Risk Management , Securities and Exchange Commission (SEC)

Top 10 Issues General Counsel Need to Know About Ransomware in 2024

Threat actors are evolving. Our Privacy, Cyber & Data Strategy Team explains how ransomware gangs have changed their tactics and how companies can respond to the threat while navigating new scrutiny from investors and...more

2/26/2024 / Corporate Counsel , Cyber Attacks , Cyber Crimes , Cyber Threats , Cybersecurity , Data Breach , Data Protection , Data Security , Data Theft , NYDFS , Popular , Ransomware , Reporting Requirements , Risk Management , Securities and Exchange Commission (SEC)

NYDFS Releases Circular Letter on Use of AI in Insurance Underwriting and Pricing

On January 17, 2024, the New York State Department of Financial Services (“NYDFS”) issued a proposed circular letter for comment regarding the “Use of Artificial Intelligence Systems and External Consumer Data and Information...more

2/2/2024 / Algorithms , Artificial Intelligence , Consumer Financial Protection Bureau (CFPB) , Insurance Industry , NYDFS , Risk Management , Underwriting

NYDFS Releases Industry Letter on the Use of Self-Service Password Reset Feature

On January 12, 2024, the New York State Department of Financial Services (“NYDFS”) released a new Industry Letter on the use of self-service password reset (“SSPR”) services, which enable users to reset their own password...more

1/24/2024 / Cybersecurity , Financial Services Industry , NYDFS , Passwords , Risk Management

NYDFS Finalizes Second Amendment to Its Cybersecurity Regulation

Our Privacy, Cyber & Data Strategy and Privacy & Cybersecurity Litigation teams examine the New York Department of Financial Services’ finalized Second Amendment to its Cybersecurity Regulation....more

11/10/2023 / Compliance , Cybersecurity , Financial Institutions , Financial Services Industry , Notice Requirements , NYDFS , Popular

NY DFS Releases Revised Proposed Second Amendment of its Cybersecurity Regulation

The New York Department of Financial Services (“NY DFS”) published an updated proposed Second Amendment to its Cybersecurity Regulation (23 NYCRR Part 500) in the New York State Register on June 28, 2023, updating its...more

7/12/2023 / Cybersecurity , Data Protection , Financial Services Industry , NYDFS , Popular , Risk Assessment

NYDFS Penalizes bitFlyer $1.2 Million for Violations to Cybersecurity Regulation

On May 1, 2023, bitFlyer USA, Inc. (“bitFlyer”) entered into a Consent Order with the New York Department of Financial Services (“DFS”) for multiple deficiencies in bitFlyer’s cybersecurity program, most notably for failure...more

5/15/2023 / Cryptocurrency , Cybersecurity , Enforcement Actions , NYDFS , Popular , Risk Assessment

NYDFS Releases Significant Enhancements to its Cybersecurity Regulation in the Proposed Second Amendment

The New York Department of Financial Services (“DFS”) released their proposed second amendment to the Cybersecurity Regulation, 23 NYCRR Part 500 (“Proposed Second Amendment”) on October 9, 2022....more

11/22/2022 / Asset Management , Cybersecurity , Data Protection , Data Retention , Financial Institutions , Financial Services Industry , NYDFS , Popular

NYDFS Announces Significant Cybersecurity Settlement with EyeMed Vision Care

On October 18, 2022, EyeMed Vision Care LLC (“EyeMed”) entered into a Consent Order with the New York Department of Financial Services (“DFS”) relating to a cybersecurity event from 2020 that exposed consumer nonpublic...more

10/26/2022 / Consent Order , Cybersecurity , Data Breach , NYDFS , Popular , Settlement

CSBS Releases Cybersecurity Programs to Help Nonbank Financial Services Institutions Improve Cybersecurity Posture

On August 9, 2022, the Conference of State Bank Supervisors (CSBS) released two cybersecurity tools for nonbank financial services institutions to help prepare for state cybersecurity exams and, ultimately, improve...more

9/29/2022 / CSBS , Cybersecurity , Financial Institutions , Financial Services Industry , NYDFS , Popular

The Digital Download – Alston & Bird’s Privacy, Cyber & Data Strategy Newsletter – February 2022

Selected Developments in U.S. Law - SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund...more

NYDFS Issues Guidance on Multi-Factor Authentication

The New York Department of Financial Services (NYDFS) continues to refine its position regarding the importance of and requirements regarding Multi-Factor Authentication (MFA), as evidenced most recently with the release of...more

12/15/2021 / Cybersecurity , Data Protection , Multi-Factor Authentication , NYDFS , Risk Mitigation

NYDFS Issues Guidance on Cybersecurity Controls to Combat Ransomware and Clarifies Reporting Obligations

The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated...more

7/6/2021 / Cyber Attacks , Cybersecurity , Data Protection , Financial Services Industry , NYDFS , Popular , Ransomware , Reporting Requirements , Risk Management

The Digital Download – Alston & Bird’s Privacy, Cyber & Data Strategy Newsletter – May 2021

Selected Developments in U.S. Law - NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses Following the SolarWinds cyber espionage attack and the resulting focus on supply chain risk, the New York...more

5/14/2021 / Cyber Attacks , Cyber Crimes , Cybersecurity , Data Breach , Data Security , FBI , NYDFS , Phishing Scams , Popular , Ransomware , Safe Harbors , Settlement , SolarWinds , Supply Chain

The NYDFS Brings First Enforcement Action under the Cybersecurity Regulation

On Tuesday, July 21, 2020, the New York Department of Financial Services (the “NYDFS”) brought its first enforcement action under its Cybersecurity Regulation (the “Regulation”) against a large title insurer (the “Company”)...more

7/28/2020 / Cybersecurity , Data Protection , Data Security , NYDFS , Personal Information

New York Cybersecurity Rules: What Firms Need to Know

New York Governor Andrew Cuomo recently announced final “first-in-the-nation” cybersecurity regulations that took effect on March 1, 2017. New York’s Department of Financial Services (NYDFS) will administer these rules. NYDFS...more

5/30/2017 / Chief Information Security Officer (CISO) , Covered Entities , Cybersecurity , Data Protection , Financial Institutions , Financial Services Industry , NYDFS , Popular , Risk Assessment

NY Governor Cuomo Announces Final NYDFS Cybersecurity Regulations