Insights & Publications
© 2018 Debevoise & Plimpton LLP
New York Eases Proposed Cybersecurity Regulation for Financial Sector, But Practical Issues Remain
3 January 2017
View Client Update
The New York Department of Financial Services has issued a second-round draft of its proposed cybersecurity regulation, subject to a new notice and comment period and now slated to go into effect on March 1, 2017.
The new draft makes modest but meaningful changes towards a more risk-based and less prescriptive approach, maintaining the same broad range of cybersecurity requirements but building in some flexibility within most sections in response to industry comments.
Covered Entities will now have somewhat more latitude to design and execute a cybersecurity program based on risk assessments of their own circumstances, including greater flexibility with respect to the use of encryption, the supervision of third-party service providers, the reporting of cyber incidents to DFS, and the schedule for compliance with the regulation.
Cybersecurity & Data Privacy
White Collar & Regulatory Defense
Highly Regarded Broker-Dealer Lawyer Jeffrey L. Robins Joins Debevoise
General License 12C Reports Are Due on June 19
The Director Talks Crypto and The Sun Shines (a Little)
European Funds Comment: Corporate Governance in UK Private Companies
UK Modern Slavery Act Transparency Statement
Debevoise Women's Review