By

Grady Nye

26 June 2017

NYDFS Issues FAQs for Recently Issued Cybersecurity Regulations

On June 20, 2017, the New York State Department of Financial Services (“NYDFS”) expanded its set of frequently asked questions (“FAQs”) and answers concerning its recently finalized Cybersecurity Regulations (23 NYCRR 500.01), which set forth minimum requirements for NYDFS-regulated entities to address cybersecurity risk.  The now 17 questions included in the release address the types of entities that fall within the scope of the Regulations, the notice requirements attending a Cybersecurity Event (as defined in the Regulations), the annual certification requirement, and additional specific elements of the rules. (more…)

SHARE
EmailPrintShare
15 May 2017

President Trump Signs Executive Order on Cybersecurity at Federal Agencies

On Thursday, May 11, President Trump signed an executive order aimed at strengthening the cybersecurity of federal networks and critical infrastructure.  The order is expected to prompt a broad examination of cybersecurity vulnerabilities at federal agencies and re-orient federal cybersecurity efforts toward modernization and shared services.  The order also reaffirms the previous administration’s approach to cybersecurity protections for critical infrastructure – with increased emphasis on the power grid – and seeks to promote the growth and sustainment of the nation’s cybersecurity workforce in the public and private sectors.  (more…)

SHARE
EmailPrintShare
28 February 2017

NYDFS issues final cybersecurity regulations, setting new industry standard for cybersecurity controls

On February 16, 2017, the New York State Department of Financial Services (the “NYDFS”) issued its final regulations setting forth minimum requirements for NYDFS-regulated entities to address cybersecurity risk (“Final Regulations”).  The NYDFS issued the Final Regulations after considering feedback and criticism received during two comment periods  — one following the NYDFS’s initial publication of the proposed regulation (on September 13, 2016) and a second comment period after the NY DFS published a revised version of the regulation (on December 28, 2016.)

The Final Regulations will be effective as of March 1, 2017, with a transitional period of 180 days from that date for Covered Entities to comply with the Final Regulations, except for certain enumerated provisions for which longer compliance periods are specified.  The annual certification of compliance (covering the prior calendar year) will be required beginning on February 15, 2018.

(more…)

SHARE
EmailPrintShare
05 January 2017

NYDFS Revises Cybersecurity Regulations Incorporating Risk-Based Approach; Maintains Prescriptive Requirements and Certifications

On December 28, 2016, the New York State Department of Financial Services (the “NYDFS”) issued revised proposed regulations setting forth minimum requirements for NYDFS-regulated entities to address cybersecurity risk (“Revised Proposed Regulations”).  The NYDFS issued the Revised Proposed Regulations after considering feedback and criticism submitted during a 45-day comment period to address the initial proposal, issued on September 13, 2016.  The agency has announced an additional and final 30-day comment period from the date of publication to address new comments not previously raised in the original comment process.

(more…)

SHARE
EmailPrintShare
09 November 2015

Senate Passes Cybersecurity Legislation, Differences to be Worked Out with House Bills

On October 27, 2015, the Senate passed S. 754, the Cybersecurity Information Sharing Act (“CISA”), with bi-partisan support. Although some raised privacy concerns, CISA received backing from the Administration and support from many industry participants. The Senate bill must be reconciled with similar bills in the House (H.R. 1560 and H.R. 1731) before a conference version is produced. This process may be contentious as privacy advocates seek to strengthen protections for personal information, and Senator Richard Burr, Chairman of the Senate Intelligence Committee and co-sponsor of CISA, indicated that the conferencing process is unlikely to produce a resolution before January 2016.

(more…)

SHARE
EmailPrintShare
23 September 2015

Investment Adviser Charged by SEC for Failing to Adopt Proper Cybersecurity Policies

On September 22, 2015, the SEC announced that R.T. Jones Capital Equities Management, a St. Louis-based investment adviser, settled charges with the SEC for failing to establish cybersecurity policies and procedures as required by the SEC’s safeguards rule.  In July 2013, R.T. Jones was the victim of a cybersecurity breach that exposed the personally identifiable information (PII) of approximately 100,000 individuals, including firm clients.  Although the firm promptly provided notice of the breach to all affected individuals and retained cybersecurity consultants to trace the attack, the firm’s prompt response did not – according to the SEC – make up for its alleged failure to adopt written cybersecurity policies and procedures in the four years prior to the attack.

(more…)

SHARE
EmailPrintShare
17 September 2015

SEC’s OCIE Cybersecurity Risk Alert Announces Cybersecurity Examination Initiative

On September 15, 2015, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert announcing a new Cybersecurity Examination Initiative. The Alert provides the agency’s areas of focus for its next round of cybersecurity examinations of broker-dealers and investment advisers.

(more…)

SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator