Dan Pepper (US)

Subscribe to all posts by Dan Pepper (US)

NYDFS issues significant guidance on insurers using AI or external data

On January 17, 2024 the New York Department of Financial Services (“NYDFS”) published a Proposed Insurance Circular Letter (“Proposed Circular”) regarding the use of artificial intelligence systems (“AIS”) and external consumer data and information sources (“ECDIS”) in insurance underwriting and pricing. This Proposed Circular does not create or change any legislation, but once finalized, will … Continue reading

FCC adopts updated data breach notification rules to protect consumers

On December 13, 2023, the Federal Communications Commission (FCC) voted to update a 16-year-old privacy rule expanding breach notification requirements for telecommunications, interconnected Voice over Internet Protocol (VoIP), and telecommunications relay services (TRS). Under the new rule, these companies are now required to adequately safeguard sensitive customer information in an attempt to hold phone companies … Continue reading

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. These revisions represent the most significant modifications since the enactment of the rules in March 2017. Noticeably, covered entities are now subject to new requirements imposing heightened responsibilities on Chief Information Security … Continue reading

FTC amendment to Safeguards Rule

Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency. Requirements Approved on October 27, 2023 by a 3-0 vote by the Commission after a public comment period, the amendment requires non-banking financial … Continue reading

NIST Proposes Revised Security Guidelines For Federal Contractors

In response to the constantly evolving landscape of cybersecurity threats, the National Institute of Standards and Technology (NIST) has recently updated their guidelines for Special Publication NIST 800-171, making its guidance more prescriptive, and potentially making it harder for contractors to comply. NIST 800-171 is a set of guidelines created to help federal agencies and … Continue reading

NYDFS proposes significant cybersecurity regulation amendments

On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period.  NYDFS had issued a “pre-proposed” version of the changes in July of this year, which we had summarized here.  NYDFS retained many of those earlier proposed changes, and made … Continue reading

CISA Releases New Infrastructure Cybersecurity Goals for Critical Infrastructure

On October 27, 2022, the Cybersecurity & Infrastructure Security Agency (“CISA”), in partnership with the National Institute of Standards and Technology (“NIST”) and the interagency community, published the first iteration of its cross-sector Cybersecurity Performance Goals (“CPGs”). Drafted in response to President Joe Biden’s July 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure … Continue reading

NYDFS proposes significant cybersecurity regulation amendments

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500.  Because this version is the “preposed” copy of the changes, there is … Continue reading
LexBlog