Cybersecurity Law Report | Two Settlements Show NYDFS’ Hidden Power to Use Other States’ Breach Laws | News & Insights

Digital Download August 2025

The Digital Download | Alston & Bird’s Privacy & Data Security Newsletter | August 2025

Keep up with what's happening in privacy, data security, and all things cyber — from federal and state cybersecurity regulations and the EU GDPR to a new law for AI pricing algorithms — from our Privacy, Cyber & Data Strategy Group.

Blog Posts December 22, 2025

NYDFS Releases New Prescriptive FAQs on MFA

The New York Department of Financial Services (NYDFS) has released a new set of Frequently Asked Questions (FAQs 18–23) under 23 NYCRR Part 500, reinforcing its position that multifactor authentication (MFA) remains a critical component of a covered entity’s cybersecurity program. These FAQs provide highly prescriptive guidance, including clarifications on technical requirements for the “possession” […]

The post NYDFS Releases New Prescriptive FAQs on MFA appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.

Blog Posts November 24, 2025

NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers

On October 21, 2025, the New York Department of Financial Services (“NYDFS”) published an Industry Letter (the “Letter”) outlining guidance on managing risks related to third-party service providers (“TPSPs”). NYDFS recognizes that as covered entities become more reliant on TPSPs, managing TPSPs “remains a crucial element of a Covered Entity’s cybersecurity program.” The Letter outlines the actions […]

The post NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers appeared first on Of Interest.

Blog Posts October 27, 2025

NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers

On October 21, 2025, the New York Department of Financial Services (“NYDFS”) published an Industry Letter (the “Letter”) outlining guidance on managing risks related to third-party service providers (“TPSPs”). NYDFS recognizes that as covered entities become more reliant on TPSPs, managing TPSPs “remains a crucial element of a Covered Entity’s cybersecurity program.” The Letter outlines […]

The post NYDFS Issues Guidance on Managing Risks Related to Third-Party Service Providers appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.

Blog Posts August 22, 2025

Rhode Island’s New Cybersecurity Law for Nonbank Financial Institutions

Rhode Island has enacted Senate Bill 603 (SB603), effective July 2, 2025, establishing a comprehensive cybersecurity framework for nonbank financial institutions licensed by the state’s Department of Business Regulation (DBR). Although SB603 is closely modeled after the New York Department of Financial Services’ (NYDFS) Cybersecurity Regulation, 23 NYCRR Part 500 (Part 500), SB603 introduces several […]

The post Rhode Island’s New Cybersecurity Law for Nonbank Financial Institutions appeared first on Alston & Bird Privacy, Cyber & Data Strategy Blog.