GDPR + NYDFS Cybersecurity Regulations: Keeping up with Compliance on a Local and Global Scale

Lawrence Montle is currently the Chief Information Security Officer and Privacy Officer at the New York State Insurance Fund (NYSIF). He is responsible for the development and implementation of a comprehensive information security plan to improve and insure agency security levels. In this role, Mr. Montle oversees the recommendation and design of targeted strategies and initiatives to effectively assess risks, maintain the security of NYSIF’s proprietary data, and ensure its protection from unauthorized use.

He also functions as a liaison to the Office of CyberSecurity and Critical Infrastructure Coordination, administering security training for agency staff and ensuring NYSIF's compliance with statewide security policies, privacy standards and controls. Prior to joining NYSIF, Mr. Montle served as internal audit director for the Department of Financial Services, where he oversaw audits conducted by the New York State Comptroller’s office and other external entities, and monitored compliance and adherence to policy review and internal controls.

Among other achievements, he implemented a comprehensive internal audit internship program to train and mentor students. Mr. Montle’s previous positions include serving as information technology director at the New York Liquidation Bureau and working at Verizon as an IT auditor, systems engineer, and network engineer for over a decade. He holds certifications in information privacy (CIPP/US), fraud examination (CFE), information systems auditing (CISA) and is licensed to practice law in N.Y. and D.C. Mr. Montle received his MBA in finance and management from Fordham University and his JD from New York Law School. He obtained his undergraduate degree from New York University.

John Davis is co-chair of Crowell & Moring’s E-Discovery & Information Management Practice and a member of the Litigation Group. John has over 20 years of experience advising clients on information law issues – including discovery, data analytics, privacy, cross-border transfers, cybersecurity, information governance and emergent technology – and representing companies in complex litigations. He leads responses to U.S. and foreign governmental inquiries, conducts international investigations of data breaches, and counsels companies on managing data risk in litigation and through their policies and procedures. John is an award-winning author and frequent lecturer on investigations and information law.

John received his law degree magna cum laude from the Georgetown University Law Center, where he was admitted to the Order of the Coif and served as senior articles editor of the American Criminal Law Review. Before joining Crowell & Moring, John was counsel at UBS and the head of its Global Complex Cases – E-Discovery group. John also practiced at an international law firm based out of its New York and San Francisco offices.

John is a member of the bars of the States of New York and California (inactive), the U.S. Supreme Court, the U.S. Courts of Appeals for the Second and Eleventh Circuits, and multiple federal district courts.

Orrie Dinstein is the Global Chief Privacy Officer at March & McLennan Companies. He has global responsibility for data protection, and he works closely with the Legal, Compliance, IT and Information Security teams as well as other functions to establish policies, procedures, processes and tools related to data privacy and security matters. Prior to joining Marsh & McLennan, Orrie was the Chief Privacy Officer of GE Capital.

Orrie received an LL.M. degree in intellectual property from NYU School of Law and is a graduate of the Hebrew University of Jerusalem School of Law. He is a member of the New York State Bar and the Israel Bar. He is a Certified Information Privacy Professional (CIPP) and a frequent speaker on privacy, social media and technology matters.