Cybersecurity Compliance Lessons From NYDFS’ Carnival Action

Following four cybersecurity breaches that targeted the company between 2019 and 2021, the New York State Department of Financial Services (NYDFS) recently entered into a consent order with Carnival Corporation and hit the cruise ship company with a $5‑million penalty for violations of the department’s stringent Cybersecurity Regulation. With insight from attorneys at Debevoise, Clifford Chance and Hogan Lovells, including NYDFS veterans, we discuss key aspects of the breach and the consent order, and provide practical compliance lessons. See “Two Settlements Show NYDFS’ Hidden Power to Use Other States’ Breach Laws” (May 5, 2021).

To read the full article

Continue reading your article with a CSLR subscription.