As we previously reported, in December 2016 the New York Department of Financial Services (the “DFS”) announced that it was revising its proposed regulation that would require banks, insurance companies and other financial services institutions regulated by the DFS to adopt broad cybersecurity protections (the “Original Proposal”).

On December 28, 2016, the DFS released a revised version of the Original Proposal (the “Revised Proposal”) that incorporates greater flexibility with respect to requirements as well as delayed compliance deadlines. The Revised Proposal is subject to a final thirty-day comment period.

As we previously reported, in September 2016 the New York Department of Financial Services (the “DFS”) proposed a regulation that would require banks, insurance companies and other financial services institutions regulated by the DFS to adopt broad cybersecurity protections (the “Proposal”). The comment period for the Proposal closed in mid-November.

In late December, a DFS spokesman said that a revised Proposal will be filed with the state register on December 28, 2016 (followed by a new thirty-day comment period) and that the revised Proposal will come into effect on March 1, 2017 (two months later than the Proposal’s previous effective date of January 1, 2017).

On September 13, 2016, California Governor Jerry Brown signed into law AB 2828, an amendment to the law that requires businesses to disclose data breaches to California residents whose personal information has been compromised.

Currently, the law requires notification of a breach when a California resident’s unencrypted personal information

On September 13, 2016, New York Governor Andrew Cuomo announced that the New York Department of Financial Services (the “DFS”) proposed a regulation that would require banks, insurance companies, and other financial services institutions regulated by the DFS to establish and maintain a cybersecurity program (the “Proposal”). If the Proposal

Two states – New Jersey and Connecticut – have recently imposed additional legal conditions on electronic messaging to mobile devices. In a few ways, these laws may raise the bar for companies on compliance when sending text messages and possibly other forms of messaging to mobile devices.

On October 27, 2015, New Jersey Governor Chris Christie signed into law A-617, a bill prohibiting sending text message advertisements to New Jersey residents without the recipient’s prior permission, if the recipient could incur a charge or a usage allocation deduction for receiving the message. Prior permission must be express authorization from the intended recipient specifying the number to which the message may be sent, and may be revoked at any time.  Violators may be penalized by a civil penalty imposed by the New Jersey Attorney General of up to $500 for the first offense and $1,000 each time after. The law also requires telecommunications companies to allow customers to block all incoming and outgoing text messages that result in charges or usage allocation deductions.  The New Jersey law will become effective November 2016.