Akin Gump Article on New York’s “First-of-Its-Kind” Cybersecurity Regulations Published by Banking Law Journal

Banking Law Journal has published the article “NYDFS: A Lawyer’s Responsibility—New York Financial Regulator to Enforce First-of-Its-Kind Cybersecurity Regulations,” written by Akin Gump partners Natasha Kohne, Michelle Reed and David Turetsky, all co-leaders of the firm’s cybersecurity, privacy and data protection practice; senior counsel Jo-Ellyn Sakowitz Klein; and practice attorney Crystal Roberts. The article discusses recently revised cybersecurity regulations by the New York Department of Financial Services and the key role that lawyers play in cybersecurity for covered entities.

The authors write that the new regulations require covered entities—anyone “operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law”—to implement a number of data security measures and certify compliance as early as February 15, 2018. Companies subject to these regulations, they say, “should immediately begin to tackle compliance requirements.”

The authors suggest that lawyers should not only “ensure that their information security/technology departments are compliant with emerging regulations,” but they should also take the lead with respect to issues such as incident response, breach notification, vendor management and compliance.

A lawyer’s role in cybersecurity, the authors conclude, “is critical for Covered Entities.” Counsel, they say, must take the lead investigative role on data breach investigations and follow-on litigation. In addition, “lawyers must ensure that their multidisciplinary team has complied with standards imposed by regulators and ensure that the privilege is structured to maximize its protection in breach and compliance scenarios.”

To read the full article, please click here.