On February 16, 2017, the New York Department of Financial Services (the “DFS”) released a final version (the “Final Regulation”) of its proposed regulation, previously released in an earlier revised form on December 28, 2016, that would require banks, insurance companies and other financial services institutions regulated by the DFS
Tiffany Quach
New York Department of Financial Services Revises Cybersecurity Proposal: Greater Flexibility and Delayed Compliance Deadlines
As we previously reported, in December 2016 the New York Department of Financial Services (the “DFS”) announced that it was revising its proposed regulation that would require banks, insurance companies and other financial services institutions regulated by the DFS to adopt broad cybersecurity protections (the “Original Proposal”).
On December 28, 2016, the DFS released a revised version of the Original Proposal (the “Revised Proposal”) that incorporates greater flexibility with respect to requirements as well as delayed compliance deadlines. The Revised Proposal is subject to a final thirty-day comment period.
Financial Industry Groups Criticize New York Department of Financial Services Cybersecurity Proposal; New Draft to be Released on December 28, 2016
As we previously reported, in September 2016 the New York Department of Financial Services (the “DFS”) proposed a regulation that would require banks, insurance companies and other financial services institutions regulated by the DFS to adopt broad cybersecurity protections (the “Proposal”). The comment period for the Proposal closed in mid-November.
In late December, a DFS spokesman said that a revised Proposal will be filed with the state register on December 28, 2016 (followed by a new thirty-day comment period) and that the revised Proposal will come into effect on March 1, 2017 (two months later than the Proposal’s previous effective date of January 1, 2017).
California Amends Data Breach Notification Law to Require Notification of Breach of Encrypted Personal Information When Encryption Key Has Been Leaked
On September 13, 2016, California Governor Jerry Brown signed into law AB 2828, an amendment to the law that requires businesses to disclose data breaches to California residents whose personal information has been compromised.
Currently, the law requires notification of a breach when a California resident’s unencrypted personal information…
New York Department of Financial Services Proposes Cybersecurity Regulation
On September 13, 2016, New York Governor Andrew Cuomo announced that the New York Department of Financial Services (the “DFS”) proposed a regulation that would require banks, insurance companies, and other financial services institutions regulated by the DFS to establish and maintain a cybersecurity program (the “Proposal”). If the Proposal…
Recent State Enactments Regulating Unsolicited Text Messaging Could Have Broad Implications for Companies that Communicate to Customers’ Mobile Devices
Two states – New Jersey and Connecticut – have recently imposed additional legal conditions on electronic messaging to mobile devices. In a few ways, these laws may raise the bar for companies on compliance when sending text messages and possibly other forms of messaging to mobile devices.
On October 27, 2015, New Jersey Governor Chris Christie signed into law A-617, a bill prohibiting sending text message advertisements to New Jersey residents without the recipient’s prior permission, if the recipient could incur a charge or a usage allocation deduction for receiving the message. Prior permission must be express authorization from the intended recipient specifying the number to which the message may be sent, and may be revoked at any time. Violators may be penalized by a civil penalty imposed by the New Jersey Attorney General of up to $500 for the first offense and $1,000 each time after. The law also requires telecommunications companies to allow customers to block all incoming and outgoing text messages that result in charges or usage allocation deductions. The New Jersey law will become effective November 2016.