The new NYS DFS cybersecurity regulations will have international reach.
Even in today’s day and age, data security issues are sometimes (much too often, in fact) shuffled aside by C-suite executives who are stuck believing that network security is a concern for the IT department, not those who run the company on a day-to-day basis.
Join us May 16, 2017 at our Pathway to Compliance event to get insights into the challenges organizations face in complying with the demanding new requirements.
Join us March 22, 2017 for a live webinar with F. Paul Greene, partner and chair of our Privacy and Data Security practice group and Reg Harnish, CEO of GreyCastle Security, to learn about the final set of DFS’s Cybersecurity Rules, which have been in force as of March 1, 2017.
In previous posts, we’ve highlighted the FTC’s broad regulation of the use, storage and protection of consumer data under Section 5(a) of the FTC Act and discussed how the FTC relies upon its authority under the Act to flex its muscles in the cybersecurity realm. The FTC’s touchstone for data protection is “reasonableness” and for guidance as to its expectations as to what is deemed reasonable, the FTC has pointed businesses to its speeches, congressional testimony, articles, blog entries, Commission materials and published settlements. It is for this reason that a blog post published last week on the FTC’s website regarding what to do if businesses are impersonated as part of a phishing scam is so interesting.