In September of 2016, the NY Department of Financial Services (the “DFS”) proposed rules to require anyone operating under the NY banking law, insurance law or financial services law (a “Covered Entity”) to adopt a cybersecurity program and a cybersecurity policy, to appoint a chief information officer (a “CIO”), to do penetration and vulnerability testing, to quickly report incidences and to meet certain other requirements. Small firms – those with fewer than 1000 customers, less than $5 million in gross annual revenues AND less than $10 million in total assets – are exempt from the requirement to have a CIO and certain other provisions, but not from the basic program and policy requirements. See the proposed rules, here. The DFS states that it is very concerned with the cybersecurity threats that have become evident in the recent past, and there are many who welcome the rules to add to what the federal government is doing on cybersecurity. But others are concerned that there may have been insufficient discussion with those responsible for cybersecurity at such firms and insufficient deference to what firms are doing already to protect confidential information. Moreover, the proposed rules could mean that small firms may find the burdens of complying very great.
Pages
Archives
- December 2023
- November 2023
- March 2023
- January 2023
- November 2022
- September 2022
- June 2022
- April 2022
- March 2022
- February 2022
- November 2021
- October 2021
- September 2021
- July 2021
- May 2021
- December 2020
- October 2020
- September 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- September 2019
- July 2019
- June 2019
- May 2019
- April 2019
- February 2019
- December 2018
- November 2018
- October 2018
- August 2018
- July 2018
- May 2018
- February 2018
- December 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- June 2016
- May 2016
Categories
- Alternative Energy (2)
- Anti-Money Laundering (5)
- Brexit (1)
- Broker-Dealers (34)
- Commodities (4)
- Coronavirus Relief (5)
- Corporate (31)
- Corporate – U.K. (7)
- Cryptocurrencies (17)
- Currency Trading (4)
- Data Privacy (1)
- Data Protection (6)
- Financial Institutions (18)
- Financial Services – U.K. (5)
- Funds – EU (2)
- Funds – Offshore (3)
- Funds – U.S. (12)
- Intellectual Property (1)
- Investment Advisers (11)
- Investment in the UK (2)
- Investment in United States (6)
- Loans (4)
- M&A (5)
- Not-for-Profit (2)
- Pandemic (2)
- Private Securities Offerings (12)
- Public Securities Offerings/IPOs (3)
- Securities (25)
- Securities Markets (8)
- Tax Havens (1)
- U.S. Constitution (1)
- Uncategorized (20)
- Venture Capital (12)
- Whistleblowing (4)
- Workers (1)