The New York Department of Financial Services (“DFS”) released their proposed second amendment to the Cybersecurity Regulation, 23 NYCRR Part 500 (“Proposed Second Amendment”) on October 9, 2022. DFS issued a minor amendment on April 2, 2020, revising the certification of compliance date (from February to April). The Proposed Second Amendment follows DFS’s “pre-proposed” draft […]
Cybersecurity
FTC Delays Effective Date of Certain Changes to the Safeguard Rule
On November 15, 2022, the Federal Trade Commission (FTC) announced that it is delaying the effective date of certain changes to the Gramm–Leach–Bliley Safeguards Rule. The Safeguards Rule, which first became operative in 2003, imposes certain security requirements on non-banking financial institutions. The FTC amended the Rule in December 2021, and several provisions under the […]
European Parliament Adopts “NIS2” Cybersecurity Directive
On November 10, 2022, the European Parliament adopted a new cybersecurity directive (the “NIS2 Directive”), which is designed to replace and repeal the existing EU Directive on the Security of Network and Information Systems (Directive 2016/1148/EC) (the “NIS Directive”). The objective of the NIS2 Directive is to achieve a higher level of cybersecurity within the EU […]
UK’s National Cyber Security Centre Releases 2022 Annual Review
The United Kingdom’s National Cyber Security Centre (NCSC) recently released its 2022 Annual Review, which reports on the state of cyber security threats in the country. As the UK’s technical authority for cyber security, the NCSC releases an annual report covering the cyber threats from the prior 12 months as well as analysis of potential […]
Recent FTC Order Has Implications for Executive Liability and Corporate Data Minimization Practices
On October 24, 2022, the Federal Trade Commission (“FTC”) announced a proposed consent order against both Drizly LLC, an online marketplace for alcohol delivery, and its CEO over the company’s alleged security failures that led to a data breach in 2020, which exposed the personal information of approximately 2.5 million Drizly customers. Drizly and its […]