Scarinci Hollenbeck Article Library

Results for data breach articles

NYDFS Enforcement Reveals State Data Breach Laws Can Trigger Mandatory Reporting of Non-Material Breaches

NYDFS Enforcement Reveals State Data Breach Laws Can Trigger Mandatory Reporting of Non-Material Breaches

Author: Maryam M. MesehaDate: June 1, 2021

Two recent cybersecurity enforcement actions resolved by the New York State Department of Financial Services (NYDFS or Department) highlight the importance of notifying NYDFS of cybersecurity incidents. Notably, even if the breach is not considered “material” under NYDFS’s Cybersecurity Regulation, 23 NYCRR Part 500 (Part 500), reporting to NYDFS may still be required if the breach triggers notification to another government entity, such as required under another state’s data breach law.

NYDFS enacted the first state-level cyber regulations for the financial industry in 2017. Its comprehensive regulations impose a wide range of obligations on banks, insurance companies, and other financial services institutions ( “Covered Entities”).

scarinci hollenbeck diamond logo

Get the latest from our attorneys!

As the legal world continues to evolve, it is important to stay aware of its various and regular updates.
Sign up to our mailing list