A stream of cybersecurity enforcement actions have now begun to flow from the New York State Department of Financial Services (DFS), including pursuant to its cybersecurity regulation known as “Part 500.” See 23 N.Y.C.R.R. §500 et al. Regulated entities and cybersecurity practitioners should take note as the agency fashions regulatory expectations and signals that more enforcement is on the way.
First issued in March 2017, Part 500 contains a two-year implementation period intended to permit regulated entities to design and implement the required “robust” cybersecurity program. DFS took a patient regulatory approach during the interim period, encouraging firms to enact an adequate cybersecurity program and cheerleading for cybersecurity generally. See Matthew L. Levine, “Anticipating the First Cybersecurity Action from NYDFS,” New York Law Journal (Jan. 6, 2020).
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]
