New Cybersecurity Rules Now in Effect for Entities Regulated by New York State Department of Financial Services

By Tonia Klausner & Wendell Bartnick on March 2, 2017

ThinkstockPhotos-524882074_web On March 1, 2017, new cybersecurity rules went into effect for entities regulated by the New York State Department of Financial Services (DFS). The Cybersecurity Requirements for Financial Services Companies are designed to help protect business and customer information and the IT systems of the entities that DFS regulates. While the Cybersecurity Requirements took effect on March 1, regulated entities have 180 days to comply. The final requirements are available here.

Who Is Regulated?

The Cybersecurity Requirements apply to companies “operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the banking law, the insurance law or the financial services law” (“covered entities”). Covered entities include banks, savings and loans, trust companies, check cashers, credit unions, money transmitters, lenders, insurers, holding companies, investment companies, mortgage brokers, originators, and servicers, and certain other regulated types of companies doing business in New York. Smaller covered entities are exempt from certain components of the Cybersecurity Requirements, but they are required to file an exemption form with DFS.
Continue Reading New Cybersecurity Rules Now in Effect for Entities Regulated by New York State Department of Financial Services

W-2 Phishing Scammers Are Targeting Tech Companies

By Tonia Klausner, Lydia Parnes, Christopher Olsen & Wendell Bartnick on January 30, 2017

Posted in Cybersecurity

The W-2 phishing scams are back. Fraudsters have learned that W-2 phishing scams can be highly effective when targeting businesses while they are handling and sending employee income-tax-related documents early in a new year. Once…
Continue Reading W-2 Phishing Scammers Are Targeting Tech Companies

EU Commission Publishes Proposal for e-Privacy Regulation: The Top Nine Key Points You Need to Know

By Cédric Burton, Sarah Cadiot & Laura De Boel on January 11, 2017

Posted in European Union, Privacy, Regulatory

ThinkstockPhotos-479430151-web On January 10, 2017, the European Commission published a Proposal for a Regulation that if adopted would have significant and far-reaching implications for Internet-based services and technologies.

The proposal seeks to revise the current EU…
Continue Reading EU Commission Publishes Proposal for e-Privacy Regulation: The Top Nine Key Points You Need to Know

What’s a CID and What Happens If You Receive One from the FTC?

By Christopher Olsen on January 9, 2017

Posted in Regulatory

ThinkstockPhotos-482254719_web Those with experience working with the U.S. Federal Trade Commission (FTC) exchange any number of acronyms freely: CPB (Bureau of Consumer), DPIP (Division of Privacy and Identity Protection, part of the CPB), and, perhaps the…
Continue Reading What’s a CID and What Happens If You Receive One from the FTC?

FCC Orders Far-Reaching New Privacy and Data Security Rules

By Tracy Shapiro & Christopher Olsen on October 27, 2016

Posted in Privacy, Regulatory

ThinkstockPhotos-516657408_web As expected, the Federal Communications Commission (FCC) has handed down sweeping new privacy and security rules for Internet service providers (ISPs). On Thursday, October 27, 2016, a sharply divided commission voted to enact these new…

Continue Reading FCC Orders Far-Reaching New Privacy and Data Security Rules

Article 29 Working Party Issues Statement Following Adoption of EU-U.S. Privacy Shield

By Cédric Burton, Laura De Boel, Sarah Cadiot & Sára Hoffman on July 27, 2016

Posted in European Union, Privacy, Regulatory

On July 26, 2016, the body of European Data Protection Authorities (DPAs)—the “Article 29 Working Party” (WP29)—issued a statement commending the improvements made to the EU-U.S. Privacy Shield (Privacy Shield). Although the WP29 continues to…
Continue Reading Article 29 Working Party Issues Statement Following Adoption of EU-U.S. Privacy Shield

The Data Advisor

New Cybersecurity Rules Now in Effect for Entities Regulated by New York State Department of Financial Services

W-2 Phishing Scammers Are Targeting Tech Companies

What’s a CID and What Happens If You Receive One from the FTC?

FCC Orders Far-Reaching New Privacy and Data Security Rules

Article 29 Working Party Issues Statement Following Adoption of EU-U.S. Privacy Shield

ABOUT OUR DATA, PRIVACY, AND CYBERSECURITY PRACTICE