Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

New York State's Financial Services Cybersecurity Regulation

By Elizabeth B. Vandesteeg and Kathryn C. Nadro
March 02, 2017

New York is poised to become the first state in the nation with comprehensive cybersecurity regulation and reporting requirements applicable to the entire financial services industry, with only very limited exemptions. 23 NYCRR 500 (the Regulation) will require banks, insurance companies, and other financial institutions regulated by the New York State Department of Financial Services (DFS) to establish and maintain a cybersecurity program designed to protect consumers and the stability of New York's financial services industry. The Regulation was designed to promote the protection of customer information as well as the underlying information technology systems of regulated entities in light of the ever-increasing threat of cyber attacks. It requires assessment of specific risk profile and design of program addressing risks, for which senior management is responsible including annual certification of compliance.

Originally intended to go into effect on Jan. 1, 2017, the Regulation received substantial industry comment and push-back. In response, DFS released a revised draft of the Regulation which was open to an additional 30-day comment period, extending the Regulation's effective date to March 1, 2017.

To Whom Does the Regulation Apply?

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
Major Differences In UK, U.S. Copyright Laws Image

This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.

Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.

Removing Restrictive Covenants In New York Image

In Rockwell v. Despart, the New York Supreme Court, Third Department, recently revisited a recurring question: When may a landowner seek judicial removal of a covenant restricting use of her land?

Fresh Filings Image

Notable recent court filings in entertainment law.