Insights & Publications
© 2019 Debevoise & Plimpton LLP
New York Eases Proposed Cybersecurity Regulation for Financial Sector, But Practical Issues Remain
3 January 2017
View Client Update
The New York Department of Financial Services has issued a second-round draft of its proposed cybersecurity regulation, subject to a new notice and comment period and now slated to go into effect on March 1, 2017.
The new draft makes modest but meaningful changes towards a more risk-based and less prescriptive approach, maintaining the same broad range of cybersecurity requirements but building in some flexibility within most sections in response to industry comments.
Covered Entities will now have somewhat more latitude to design and execute a cybersecurity program based on risk assessments of their own circumstances, including greater flexibility with respect to the use of encryption, the supervision of third-party service providers, the reporting of cyber incidents to DFS, and the schedule for compliance with the regulation.
Cybersecurity & Data Privacy
White Collar & Regulatory Defense
UK Modern Slavery Act Transparency Statement
Debevoise Women's Review