NY Department of Financial Services

Subscribe to NY Department of Financial Services

On Friday, May 29, 2020, Davis Polk’s own Rob Cohen led a panel on cybersecurity law and enforcement issues for the Practising Law Institute’s (“PLI”) tenth annual program on enforcement. The panel included individuals from the FBI, U.S. Attorney’s Office for the Southern District of New York, New York
Continue Reading PLI Cybersecurity Enforcement Panel: Lessons Learned from Regulators and Law Enforcement

On Tuesday April 14, 2020, the fifth annual Incident Response Forum (the “Forum”) convened an extensive roster of presenters from private practice and the government, including from the DHS, DOJ, FTC, SEC, NYDFS, FBI, and the Secret Service, to discuss best practices for incident response.

The government panelists shared insights
Continue Reading 2020 Incident Response Forum: Lessons Learned from Regulators and Law Enforcement

As we have discussed here previously, the coronavirus outbreak has driven many companies further into the digital workplace, putting new strains on information technology systems and related privacy and security compliance controls.  Despite these burdens on companies, few regulators have offered relief from their privacy and security requirements.  As detailed
Continue Reading Data Privacy and Security Requirements During Coronavirus? Little Relief in Sight

In the last few years, we have seen a dramatic increase in the purchase and sale of alternative data—a shorthand for big data sets, such as satellite images of parking lots, drug approvals, credit card purchases, cellphone data on retail foot traffic, and construction permits. According to alternativedata.org, the alternative
Continue Reading Alternative Data Goes Mainstream, and Gets Increased Attention from Regulators

We have written here before about the challenges and benefits of getting rid of old data.  As we have noted, in light of recent legal, regulatory, and technological developments, companies should reevaluate their long-term data management planning.  Last week, the New York Department of Financial Services (“NYDFS”) issued a reminder
Continue Reading With the Sedona Report, Companies Get Some Helpful Guidance on How to Get Rid of Large Volumes of Old Data

On June 6, 2018, the Eleventh Circuit vacated a cease and desist order issued by the FTC against LabMD as unenforceably vague.  The FTC’s Order, which resulted from a finding that LabMD had failed to maintain an adequate cybersecurity program, directed LabMD to “establish and implement, and thereafter maintain,
Continue Reading Standards vs. Rules for Cyber Regulation – The Eleventh Circuit Weighs in Against the FTC and in Tacit Support for the NYDFS Approach

We had previously predicted that the Equifax data breach could lead to increased state-level cybersecurity enforcement. On June 27, the NYDFS announced that Equifax has agreed to take corrective action for its 2017 data breach, as set forth in a consent order reached with the NYDFS and seven other
Continue Reading NYDFS Brings Its First Cybersecurity Enforcement Action

For years, the default setting at many companies was to keep electronic data indefinitely. Storage is cheap, there are legal risks associated with deleting data, and you never know when an email from 10 years ago is going to become important. Some companies have document management policies, but often they
Continue Reading Getting Rid of Old Data Is Becoming a Regulatory Requirement

The New York Department of Financial Services (“NYDFS”) recently issued guidance for its covered entities[1] highlighting the importance of cybersecurity as a necessary part of M&A due diligence. This guidance comes in the greater context of the Yahoo! SEC resolution to demonstrate that regulators are paying close attention to
Continue Reading NYDFS Highlights Continued Importance of Cybersecurity in M&A Due Diligence

The new year is fast approaching.  2017 has been a year of major cyber incidents, including the Equifax breach.  Cybersecurity will continue to be a top concern for companies in the new year.  Avi Gesser spoke with Markets Media about his outlook for cybersecurity law and regulation in 2018.

Which


Continue Reading Cybersecurity Law and Regulatory Predictions for 2018