• |

Aug. 12, 2020

Six Compliance Lessons From NYDFS’ First Cybersecurity Regulation Enforcement Action

  • Matt Fleischer-Black
    Cybersecurity Law Report
Three years after New York’s expansive Cybersecurity Regulation went into effect, the state’s Department of Financial Services (DFS) has brought its first enforcement action, charging First American Title Insurance Co. for its handling of a vulnerability that allowed easy access to over 65 million documents containing individuals’ bank account and other sensitive non-public information. The DFS alleges that the insurer violated its obligations to safeguard the data by failing to adequately assess the security risks around its trove of documents, then conducting “a preposterously minimal review” once it became aware of the problem. In this article, we detail the relevant allegations and provide insights from lawyers at ACA Aponix, BakerHostetler, Debevoise & Plimpton, Freshfields and Hogan Lovells about DFS’ enforcement approach and compliance lessons for companies. See “How Is COVID-19 Affecting Cybersecurity Risk, Readiness, Reporting and NYDFS Enforcement?” (Apr. 22, 2020).

To read the full article

Continue reading your article with a CSLR subscription.

Most-Read Articles

Spotlight on Trailblazing Women

To mark International Women’s Day 2024, women editors and reporters of ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Jill Abitbol, Managing Editor of the Cybersecurity Law Report and Anti-Corruption Report, features notable women in data privacy, cybersecurity, white collar defense, compliance and anti-corruption law, including Christina Montgomery, Leslie Shanklin, Palmina Fava, Alexandra Ross and Lucinda Low. Enjoy reading their inspiring remarks here.

We Celebrate Data Privacy Day 2024

Read the full brief here.