NY DFS Cybersecurity Regulation

Digital ConceptAs predicted in our February 4, 2020 blog post, the New York Department of Financial Services (“DFS”) has filed its first formal charges for violation of the state’s cybersecurity regulation. The charges were filed against an insurance company for allegedly violating several provisions of Part 500 of Title 23 of the New York Codes,

Cyber laser targetThe NY Department of Financial Services Cybersecurity Regulation, 23 N.Y. Comp. Code R. & Regs. § 500, provides for the protection of customer information and information technology systems of Covered Entities, in recognition of the “ever growing threat posed to information and financial systems by nation-states, terrorist organizations and independent criminal actors.” The Cybersecurity Regulation is nearly three years old now, but for businesses that are not fully up to speed the consequences may soon be serious in light of anticipated enforcement activity. This includes credit-reporting agencies who were not covered under the Cybersecurity Regulation as initially enacted.

While the DFS has yet to impose a fine for inadequate cybersecurity compliance, this year may mark the beginning of more vigorous enforcement. This post provides an overview of the Cybersecurity Regulation for purposes of informing Covered Entities of certain notable requirements.
Continue Reading Enforcement of the NYDFS Cybersecurity Regulation Coming in the Near Future