NY Cybersecurity Rules Pack Wallop In Enforcement Debut

By Allison Grande (August 18, 2020, 8:36 PM EDT) -- New York's financial services regulator demonstrated an appetite for policing data security missteps, even if consumers aren't obviously harmed, by targeting a data leak at insurer First American for its first enforcement action under the state's novel cybersecurity rules.

Banks and insurers have long been bracing for enforcement to begin under first-of-their-kind cybersecurity rules developed by the New York Department of Financial Services in 2016. The regulations, which require covered entities to take specific steps to fortify their cybersecurity protocols and to report breaches within 72 hours, took effect in several stages spanning a two-year period that concluded in March 2019.

With the rules...

Stay ahead of the curve

In the legal profession, information is the key to success. You have to know what’s happening with clients, competitors, practice areas, and industries. Law360 provides the intelligence you need to remain an expert and beat the competition.

  • Access to case data within articles (numbers, filings, courts, nature of suit, and more.)
  • Access to attached documents such as briefs, petitions, complaints, decisions, motions, etc.
  • Create custom alerts for specific article and case topics and so much more!


Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!