On Friday, November 18, 2022 at 10:30AM ET, Eric Dinallo, Avi Gesser, Erez Liebermann, Caroline Novogrod Swett, and Johanna Skrzypczyk participated in a webcast examining the new draft amendments to the Part 500 Cybersecurity Rules (“Draft Amendments”) proposed by the New York Department of Financial Services (“NYDFS”) and the implications they may have for insurance companies and other NYDFS-regulated entities.

Topics that were covered included:

  • New governance, technology, and notification-related obligations proposed under the Draft Amendments, including more onerous obligations for large covered entities;
  • Opportunities for participation during the comment period and likely pushback from covered entities; and
  • Practical steps covered entities can take to mitigate regulatory and reputational risks.

To hear on-demand recording, click here.

If you missed the last briefing, please click here to access the on-demand recording.  To read our recent Data Blog post on the NYDFS Proposed Amendment, click here.

To subscribe to the Data Blog, click here.

Author

Eric R. Dinallo is Chair of the Debevoise insurance regulatory practice and a member of its Financial Institutions and White Collar & Regulatory Defense Groups in New York. He can be reached at edinallo@debevoise.com.

Author

Avi Gesser is Co-Chair of the Debevoise Data Strategy & Security Group. His practice focuses on advising major companies on a wide range of cybersecurity, privacy and artificial intelligence matters. He can be reached at agesser@debevoise.com.

Author

Erez is a litigation partner and a member of the Debevoise Data Strategy & Security Group. His practice focuses on advising major businesses on a wide range of complex, high-impact cyber-incident response matters and on data-related regulatory requirements. Erez can be reached at eliebermann@debevoise.com

Author

Caroline Swett is a partner in Debevoise’s Financial Institutions and Banking Groups. She advises domestic and foreign banks and other financial institutions on a wide range of regulatory, enforcement and transactional matters. She can be reached at cnswett@debevoise.com.

Author

Johanna Skrzypczyk (pronounced “Scrip-zik”) is a counsel in the Data Strategy and Security practice of Debevoise & Plimpton LLP. Her practice focuses on advising AI matters and privacy-oriented work, particularly related to the California Consumer Privacy Act. She can be reached at jnskrzypczyk@debevoise.com.