New cybersecurity regulations from the New York Department of Financial Services (NYDFS) went into effect March 1st, 2017. 23 NYCRR 500 will require organizations to designate a CISO, as well as enact and document a comprehensive cybersecurity policy.
By February 15th, 2018, all covered entities are required to submit the first certification under 23 NYCRR 500.17(b). Institutions will need to address cybersecurity challenges including data encryption, annual certification, multi-factor authentication, and incident reporting.
In this episode of the InSecurity Podcast, host Shaun Walsh is joined by special guest Jake Bernstein, attorney with Newman Du Wors, to discuss how organizations can best navigate the new requirements, including examples of “covered entities,” key requirements, and exemptions to the regulations.
About Jake Bernstein
Jake Bernstein (@JakeBernsteinWA) represents companies subject to inquiries, investigations, and actions brought by regulatory agencies, such as state attorneys general and the Federal Trade Commission. He also advises businesses about advertising, marketing, regulatory compliance, privacy, and cybersecurity. Jake has significant experience with laws regulating the collection, storage, and use of private consumer data.
Before joining Newman Du Wors, Jake served eight years as an Assistant Attorney General in the Consumer Protection Division of the Washington State Attorney General’s Office. There, he prosecuted unfair and deceptive business practices including online advertising, negative-option marketing, spam under state law and the federal CAN-SPAM Act, spyware, and consumer-privacy violations.
With a background and degree in science, Jake also pursued companies making deceptive health claims. Jake now provides clients with a practical approach to maximizing effective marketing while mitigating the risk that government regulatory agencies or private plaintiffs will initiate legal action.
About Shaun Walsh
Shaun Walsh (@cingulus) leads Cylance’s global marketing strategy, channels, campaigns, digital marketing and communications efforts.
Prior to joining Cylance, Shaun served as VP of Corporate Marketing and GM of the Ethernet business unit at QLogic, and previously served as the SVP of Marketing and Corporate Development at Emulex.
About Matt Stephenson
Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance which puts him in front of crowds, cameras, and microphones all over the world.
Twenty years of work with the world’s largest security, storage and recovery companies has introduced Matt to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come before.