On August 14, 2025, the New York Department of Financial Services (“NYDFS”) entered into a consent order with Healthplex, Inc, (“Healthplex”), which is licensed by NYDFS as an independent claims adjuster and as a life and/or accident health insurance agent. In the consent order, Healthplex agreed to pay NYDFS $2 million and to change some... Continue Reading| Data Protection Report
Accusing the Trump Administration of “dismantling” the CFPB, New York City Comptroller Brad Lander is calling on city and state officials to fill the void| Consumer Finance Monitor
On November 22, 2024, the California Privacy Protection Agency (the “CPPA”) opened the formal public comment period for its recently approved formal proposed rulemaking package for annual cybersecurity audits, automated decision-making technology, privacy requirements, insurance companies’ obligations, and other updates to existing regulations (the “Draft Regulations”). The Draft Regulations fulfill the CPPA’s mandate under the [...]| Debevoise Data Blog
November 1, 2024 marked the one-year anniversary of the second amendment to the New York Department of Financial Services’ (“NYDFS” or the “Department”) Cybersecurity Regulation (the “Regulation” or “Part 500”). In Part One of this Debevoise Data Blog post series, we discussed the Part 500 requirements that came into effect on November 1, 2024. In [...]| Debevoise Data Blog
On November 8th, Avi Gesser, Luke Dembosky, Erez Lieberman, and Charu Chandrasekhar from the Debevoise Data Strategy and Security Group discussed the recent NYDFS Industry Letter providing guidance on assessing cybersecurity risks associated with the use of AI. The webcast provided a deeper dive into the topics covered in our recent blog post including: The [...]| Debevoise Data Blog
November 1, 2024, marks the one-year anniversary of the second amendment to the New York Department of Financial Services’ (“NYDFS” or the “Department”) Cybersecurity Regulation (the “Regulation” or “Part 500”). It is also the date that a number of new requirements under Part 500 come into effect, including requirements surrounding governance, encryption, and incident response [...]| Debevoise Data Blog
On October 16, 2024, the New York Department of Financial Services (the “NYDFS”) issued an Industry Letter providing guidance on assessing cybersecurity risks associated with the use of AI (the “Guidance”) under the existing 23 NYCRR Part 500 (“Part 500” or “Cybersecurity Regulation”) framework. The Guidance applies to entities that are covered by Part 500 [...]| Debevoise Data Blog
Personally Identifiable Information (PII) is extremely sensitive data, which is why organizations use PII Data Encryption.| Encryption Consulting