The New York State Department of Financial Services (“DFS”) Cybersecurity Regulation (“Regulation”) took effect on March 1, 2017, and applies to those entities operating or required to operate under New York banking, insurance and finance laws (“Covered Entities”). Covered Entities should have been in compliance with portions of the Regulation as of August 28, 2017, for which they certified compliance on February 15, 2018. Continue Reading Be Prepared for the September 3, 2018 Deadline for New York State Department of Financial Services Cybersecurity Regulation Requirements
Everyone has been to a lot of presentations, read articles and evaluated the General Data Privacy Regulation (“GDPR”) – yet many questions remain.
Many companies continue to struggle with determining whether (1) the GDPR applies to them and, if so, (2) what can be done before the May 25th compliance deadline.
It is not too late to have these questions answered when working with experienced counsel who can navigate the issues at hand. For instance, possession of any European Union (“EU”) resident’s data does not necessary trigger the GDPR. Indeed, making the legal determination regarding the applicability of the GDPR can be completed largely over the phone by discussing key issues and conducting a targeted follow-up investigation. If the GDPR applies, then there are a number of high-impact but manageable tasks that can be accomplished by May 25th. Of course, waiting longer to evaluate these issues only puts businesses at greater risk for the hefty (up to 20 million Euro or 4 percent of annual global revenue, whichever is greater) non-compliance penalties that may be applicable. Continue Reading GDPR – It’s Not Too Late to Work Towards Compliance
The New York Department of Financial Services (“DFS”) recently issued two additional answers to frequently asked questions related to filing procedures required by the DFS Cybersecurity Regulation (“Regulation”). The new FAQs come in the wake of the Regulation’s first annual Certification of Compliance filing deadline of February 15, 2018. The DFS clarified that individual licensees who are required to file a Certification of Compliance are acting as a “Senior Officer” as defined in the Regulation. The DFS also offered guidance to Covered Entities regarding the use of an “Entity ID” to complete required filings via the DFS’ cybersecurity portal. Continue Reading DFS Answers New FAQs Regarding Filing Procedures Under DFS Cybersecurity Regulation
The Department of Financial Services (“DFS” or “Department”) has issued notices to entities and licensees that it believes have failed to file a Certification of Compliance (“Certification”) pursuant to the Department’s Cybersecurity Regulation (“Regulation”). The Regulation required all DFS-regulated entities and licensed persons to submit a Certification by February 15, 2018 to verify compliance with the portions of the Regulation that were in effect at the end of 2017.
For an overview of the Regulation and its key compliance dates, please refer to the full DFS Regulation Client Alert.
For additional information regarding the DFS Regulation notices, please see our most recent Client Alert.
For additional questions about the recently issued Cybersecurity Regulation notices, please contact Jennifer A. Beckage at (716) 847-7093, firstname.lastname@example.org, or any member of the firm’s Data Security & Privacy Practice Team.
On February 21, 2018, the U.S. Securities and Exchange Commission (“SEC”) issued updated guidance to assist public companies with disclosure obligations under the federal securities laws relating to cybersecurity risks and incidents (“Guidance”). In addition to expanding upon the SEC’s prior guidance on cybersecurity, which focused on the disclosure of cybersecurity risks and incidents, the Guidance addresses two new issues – the implementation of cybersecurity policies and procedures and the examination of insider trading prohibitions in the wake of cybersecurity incidents. For additional information regarding the SEC’s new Guidance, please refer to the full Data Security & Privacy Client Alert. For a chronology summary of upcoming key dates and corresponding obligations under the Regulation, please see our most recent Data Security & Privacy Client Alert.
As noted in Phillips Lytle’s recent Data Security & Privacy Client Alert, the new General Data Protection Regulation (“GDPR”) goes into effect on May 25, 2018. GDPR is a regulation that imposes requirements on businesses to protect the personal data of European citizens. The regulation employs a very broad definition of what constitutes personal identification information and contains directives for handling data, as well as reporting breaches. For additional information regarding the obligations under the new regulation, please refer to the full GDPR Client Alert.
On Monday, Superintendent Maria T. Vullo of the New York State Department of Financial Services (“DFS”) issued a reminder about the upcoming certification deadline under the DFS’s landmark Cybersecurity Regulation (“Regulation”). Superintendent Vullo stated that “[t]he DFS compliance certification is a critical governance pillar for the cybersecurity program of all DFS regulated entities.” Accordingly, by February 15, 2018, all Covered Entities under the Regulation must file the first compliance certification with DFS. The compliance certification is a statement to the Superintendent that demonstrates compliance with the Regulation during the preceding calendar year. Continue Reading New York Department of Financial Services Publishes a Reminder about the Upcoming February 15, 2018 Compliance Certification Filing Deadline for Its Cybersecurity Regulation
As noted in Phillips Lytle’s most recent Data Security & Privacy Client Alert, there are only a few short weeks until the first certification deadline under the New York State Department of Financial Services Cybersecurity Regulation (“Regulation”). Pursuant to the Regulation, those who are operating or required to operate under New York banking, insurance and finance laws must submit their first certification of compliance with the Regulation by February 15, 2018. Continue Reading NYSDFS Cybersecurity Regulation: Certification of Compliance Required by February 15, 2018