News & Insights  |  Media Mentions

Related Professionals

Practice Areas


Patricia O'Connell
Senior Communications Manager

Kirk Nahra Discusses New York’s Data Security Rules for Financial Services Firms

February 23, 2017

Kirk J. Nahra, chair of Wiley Rein’s Privacy & Cybersecurity Practice and co-chair of the Health Care Practice, was quoted in a February 22 Law360 article regarding the state of New York’s new cybersecurity requirements for financial services firms. Starting March 1, banks, insurance companies, and other financial services institutions that are licensed to do business in New York must meet the state Department of Financial Services’ (DFS) cybersecurity standards.

“The new rules may provide plaintiffs’ lawyers with a little extra framework for these data breach cases in the form of a few extra paragraphs to add to the complaint,” said Mr. Nahra.

In the event of a breach, both a financial firm and its third-party vendors could face liability under the DFS rules, according to the article. “Because cybersecurity is an interlocking system, one issue that is going to come up is, whose problem is it if there is a data breach and resulting litigation? Would it be the financial institution’s, or the vendor’s, and whose insurance is responsive?” Mr. Nahra said.

To read the full article, click here.