Blog Posts Tagged With Breach Notification

Subscribe to Breach Notification RSS Feed

One Million Dollar Breach Notification Fine for Indian Bank Shows Increased Efforts by Regulators to Force Information Sharing Following a Breach

The $1 million fine that was recently levied against Yes Bank shows the increasing risks of failing to provide timely breach notification.  On October 23, 2017, the Reserve Bank of India (“RBI”) announced that it was fining India’s Yes Bank $1 million USD for failing to comply with RBI’s breach notification requirement, among other violations.  Yes Bank experienced a cyber breach around May 2016, but did not become aware of the incident until September 2016.  … Continue Reading

After Equifax, to Whom Should the CISO Report?

During congressional hearings earlier this month, senators grilled Richard Smith, the former Equifax CEO, on the company’s reporting structure for cybersecurity; specifically, on the appropriateness of Equifax’s CISO reporting to the general counsel.  This has caused several companies to question their own reporting structures for cybersecurity issues.  So what is the right structure for CISO reporting?  As usual, there is no one right or wrong answer.

We have seen many different reporting structures for CISOs … Continue Reading

Will Equifax Lead to Increased State-Level Cybersecurity Enforcement?

Regulators in almost every U.S. state have the authority to enforce cybersecurity compliance under their state’s laws, but until recently, they have rarely exercised this power, leaving enforcement mostly to federal agencies like the FTC.  With the recent Equifax breach, this appears to be changing.

The Massachusetts Attorney General filed a complaint against Equifax on September 17, 2017, asserting that Equifax violated Massachusetts Data Security Regulations by failing to safeguard personal information of credit applicants.  … Continue Reading

NYDFS Cybersecurity Rules Inspires Insurance Data Security Draft Model Law

The National Association of Insurance Commissioners (“NAIC”) has signaled that insurance regulators may be the first government agencies to adopt the framework for cybersecurity regulation that was recently set out in the New York Department of Financial Services (“NYDFS”) cybersecurity rules, which went into effect on August 28, 2017.

The Cybersecurity (EX) Working Group and the Innovation and Technology (EX) Task Force of NAIC approved the Insurance Data Security Model Law (“Model Law”)  in August … Continue Reading

Today (August 28) Marks the First NYDFS Cybersecurity Compliance Deadline, With a Certification Deadline Less Than Six Months Away

Today marks the first deadline for entities regulated by the New York Department of Financial Services (“NYDFS”) to comply with certain provisions of the recent NYDFS cybersecurity rules.  The NYDFS cybersecurity rules taking effect is a significant event for NYDFS-regulated entities, and for any company facing cybersecurity concerns.  The unique combination of (1) concrete cybersecurity requirements (e.g., access controls), (2) a senior-level certification obligation, and (3) the 72-hour notice requirement, will likely have a … Continue Reading

Davis Polk’s Data Breach Portal and Breach Notification Assessment Tool Move to Client Beta Testing

We are pleased to announce that client beta testing has begun for the Davis Polk Data Breach Notification Resource Portal—a secure online suite of tools designed to assist clients in preparing and planning for a possible data breach, and help them comply with state and federal law obligations to inform customers, regulators, and law enforcement.  Utilizing a simple, query-based portal, the Notification Assessment Tool allows clients to receive rapid privileged legal advice on notification … Continue Reading

Davis Polk Memo – New York State Department of Financial Services Proposes New Cybersecurity Regulations

We have issued a memo on recent proposed cybersecurity regulations by the New York State Department of Financial Services that would be more stringent than existing federal requirements for certain financial entities. The memo highlights similarities and differences between the proposed regulations and federal regulations and guidance.

Read the Full Memo »Continue Reading

LexBlog