November 2023

New York Department of Financial Services Finalizes Amendments to Cybersecurity Regulation

By Rahul Mukhi, Melissa Faragasso & Kimberly Everett on November 7, 2023

Posted in Cybersecurity, Regulatory, United States

On November 1, the New York Department of Financial Services (“DFS” or the “Agency”) announced finalized amendments to its Cybersecurity Regulation applicable to DFS-regulated entities.[1] The finalized amendments to the Cybersecurity Regulation (the “Amendments”) contain significant revisions designed to mandate preventative measures to address common attack vectors and enhance cybersecurity governance, bringing more formality and uniformity to the assessment and mitigation of a covered entity’s specific cybersecurity risks.[2] The Amendments may also portend future changes to cybersecurity regulations outside of DFS, as the original DFS Cybersecurity Regulation influenced many existing cybersecurity requirements in other areas of the law. Continue Reading New York Department of Financial Services Finalizes Amendments to Cybersecurity Regulation

FTC Finalizes Security Incident Reporting Amendments to GLBA Safeguards Rule

By Rahul Mukhi, Daniel Ilan & Melissa Faragasso on November 2, 2023

Posted in Cybersecurity, Financial Institutions, FTC Guidance

Last week, the Federal Trade Commission (“FTC” or “Commission”) finalized its supplemental revisions to the 2021 amendments to its implementation of the Gramm Leach Bliley Act Safeguards Rule (the “Amended Safeguards Rule”).[1] The supplemental revisions to the Amended Safeguards Rule will require covered non-banking financial institutions—e.g., automobile dealerships, mortgage brokers, payday lenders, retailers that issue credit cards—[2] to report certain security breaches impacting unencrypted customer information to the Commission no later than thirty (30) days after discovery.[3] The supplemental revisions to the Amended Safeguards Rule will take effect six (6) months after publication in the Federal Register.Continue Reading FTC Finalizes Security Incident Reporting Amendments to GLBA Safeguards Rule

Amélie Champsaur

Amélie Champsaur’s practice covers a broad range of financial regulatory, compliance and enforcement matters, at French and EU level.

View Latest Posts

Daniel Ilan

Daniel Ilan’s practice focuses on intellectual property law.

View Latest Posts

Chase D. Kaniecki

Chase Kaniecki’s practice focuses on international trade and national security matters, including CFIUS and global foreign direct investment, economic sanctions, export controls, customs, and trade…

View Latest Posts

Joon H. Kim

Joon H. Kim’s practice focuses on white-collar criminal defense, internal corporate investigations, regulatory enforcement, and crisis management, as well as complex commercial litigation and arbitration.

View Latest Posts

Jonathan S. Kolodner

Jonathan S. Kolodner’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

View Latest Posts

Rahul Mukhi

Rahul Mukhi’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

View Latest Posts

James Norris-Jones

James Norris-Jones has substantial experience of English and international commercial dispute resolution including litigation, arbitration, investigations, and enforcement.

View Latest Posts

Menu

Cleary Cybersecurity and Privacy Watch

November 2023

New York Department of Financial Services Finalizes Amendments to Cybersecurity Regulation

FTC Finalizes Security Incident Reporting Amendments to GLBA Safeguards Rule