The New York Department of Financial Services ("DFS") adopted the final version of its "first-in-nation" cybersecurity rules (see previous coverage). Generally, the rules require a wide range of insurance, banking and financial services companies to adopt robust cybersecurity programs in order to protect sensitive and confidential data from theft or harm by cybercriminals.
In a related memorandum, Cadwalader attorneys Joseph Facciponti, John Moehringer, Howard Wizenfeld and Alejandra Contreras outline how the revised cybersecurity rules clarify notice and recordkeeping requirements and provide new exemptions to certain types of entities.
Commentary / Joseph Facciponti
The final version of the rules leaves nearly all of the stringent requirements of New York's new cybersecurity regulations intact, sending a clear message that New York intends to lead the nation in protecting sensitive corporate systems and data from cyber attacks. These new rules impose significant burdens on entities subject to regulation by the DFS and, potentially, significant penalties and sanctions for failure to comply. Entities covered by the rules now have only six months to meet many of the rules' new requirements.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.