Attorney Richard Santalesa was quoted on the time and deadlines coming for entities affected by newly enacted New York State Dept of Financial Services CyberSecurity Regs, which went into effect on March 1, 2017 following two rounds of drafts and public comment. The article in SecurityIntelligence, New York State Codifies Financial Cybersecurity Regulations, available here https://securityintelligence.com/news/new-york-state-codifies-financial-cybersecurity-regulations/, […]
Tag: Cybersecurity
Proposed cybersec regulations for New York financial institutions have a broad reach
As written by SmartEdgeLaw Group Attorney Richard Santalesa, in the September 30, 2016 IAPP Privacy Tracker and Daily Dashboard – at https://iapp.org/news/a/proposed-cybersec-regulations-for-new-york-financial-institutions-have-a-broad-reach/ Proposed cybersec regulations for New York financial institutions have a broad reach Richard Santalesa, CIPP/US Privacy Tracker | Sep 30, 2016 New York state’s long-awaited Cybersecurity Regulations For Financial Services Companies, issued by […]
Cybersecurity Regulations Issued by NYS Dept of Financial Services
New York State’s long-awaited Cybersecurity Regulations for financial institutions were released last week by the New York State Department of Financial Services (“NYDFS”) for a 45-day public notice and comment period, starting Sept 28, 2016, after which the Regs will go into effect on January 1, 2017, unless modified, as codified at 23 NYCRR Part […]
Is this the Definitive Cybersecurity Guide? NYSE Guide for Directors & Officers
The following post by SmartEdgeLaw Group attorney, Richard Santalesa, was originally published Oct. 27, 2015 at the International Association of Privacy Professionals’ Privacy Perspectives website. Is this the Definitive Cybersecurity Guide? While many companies come up short on their cybersecurity programs or ability to safeguard data privacy, one area where no gap exists is in the […]
Global Fraud Report: Consumers Frustrated With Financial Institutions
The newly released 2014 ACI Global Fraud Survey (links at bottom) paints a dramatic picture of the global debit/credit card fraud picture – raising a litany of concerns for consumers and financial institutions. Trust? In line with the study’s name and the different behavioral and fraud levels around the world, trust remains a huge issue regarding consumers’ trust of financial […]
Sm@rtEdgeLaw Now a Member of InfraGard – Cybersecurity Partnership
We’re pleased to announce that founding attorney, Richard Santalesa, has been accepted as a member of InfraGard, and looks forward to employing InfraGard’s expertise on behalf of Sm@rtEdgeLaw’s client base and our communities. InfraGard is a partnership between the FBI and the private sector as “an association of persons who represent businesses, academic institutions, state […]
Ready to Revisit Your Cloud Contracts? FedRAMP is Ramping Up With Three Public Webinars
Those who follow cloud computing on the federal level know the Federal Risk and Authorization Management Program (“FedRAMP”) is tasked with developing a “government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.” We expect FedRAMP to have a broader ripple effect for corporate cloud contracting, […]
FTC Slaps Snapchat Over Privacy Policy & Practices
Recently, the Federal Trade Commission snapped at Snapchat over its privacy policy and representations made regarding the company’s mobile application. The FTC’s action has raised some eyebrows. But it has also raised awareness that promises made in a privacy policy matter. What did Snapchat do wrong and what are the key takeaways you should adopt […]
NIST Releases “Security by Design” Public Draft Guidance
Following on the heels of the National Institute of Standards and Technology‘s (“NIST”) release of the Framework for Improving Critical Infrastructure Cybersecurity (a/k/a the “Cybersecurity Framework” – see our coverage here and here), NIST unveiled yesterday a 123-page initial draft for public comment of Special Publication 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. […]
Admin judge to FTC: “Put up or shut up”
FTC ordered to submit to testifying about data security standards The ongoing controversial Federal Trade Commission (“FTC”) versus LabMD Inc. enforcement action (Docket No. 9357) took a new twist recently as Chief Administrative Law Judge D. Michael Chappell effectively ordered the FTC to reveal details about what it considers to be the applicable data security […]
White House Big Data Report – An Ink Blot Test
Remember those famous Rorschach ink blot tests, where you could see nearly anything in an image? The White House’s recent Big Data report (BIG DATA: Seizing Opportunities, Preserving Values, the “Report”), which examines how Big Data is and will be expected to be used, strikes us as rather like one of those ink blots – […]
SEC Issues Cybersecurity Risk Alert
Building on its stated goals for 2014, the U.S. Securities and Exchange Commission (“SEC“) recently issued a Cybersecurity Risk Alert through its Office of Compliance Inspections and Examinations (“OCIE“) that provides important additional information regarding the SEC’s ongoing initiative to assess cybersecurity preparedness in the financial and securities industry subject to its jurisdiction. As we […]
Upcoming Webinar April 17 – “Data Breach Aftermaths”
Join us for our April 17 webinar, Data Breach Aftermath: Next Steps To Clean Up The Mess, hosted by the National Constitution Center, with details, registration and agenda information available here. Data Breaches have unfortunately become near daily occurrences, with news reports – like those covering Target’s recent mammoth breach – sending chills up the […]
Why the Cybersecurity Framework Matters for Your Security Programs
Richard Santalesa’s latest IAPP Privacy Perspectives commentary discussing what the National Institute of Standards and Technologies “Cybersecurity Framework” means for privacy and risk management professionals – and by extension your infosec and data security efforts – is up. The Framework is likely to be very influential going forward as federal agencies, government contractors and ultimately […]
FTC and FBI Issue Warning About “CryptoLocker” Malware
Safeguarding data security and privacy is a constant battle. We always recommend the use of encryption for mobile devices, laptops and all crucial company data or consumer records containing personal, sensitive or medical information. In a devilish twist, however, cyber criminals have turned encryption against unsuspecting victims, to beg the question: “Are your computer files […]
