Joseph Lazzarotti of JacksonLewis writes:
Yesterday, New York’s Department of Financial Services (“DFS”) announced another enforcement action under the state’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Part 500 (“Reg 500”). According to the press release, OneMain Financial Group LLC (“OneMain”) will pay a $4.25 million penalty to New York State for alleged violations of Reg 500.
In the Consent Order, DFS pointed to several provisions of Reg 500 for which it alleged OneMain came up short….
Read more at Workplace Privacy, Data Management & Security Report.