May 14, 2021

Volume XI, Number 134

Advertisement

May 13, 2021

Subscribe to Latest Legal News and Analysis

May 12, 2021

Subscribe to Latest Legal News and Analysis

May 11, 2021

Subscribe to Latest Legal News and Analysis

DFS Enters Into $1.5 Million Consent Order With Residential Mortgage Company In Wake of Widespread Data Breach

Correction to the original article: First American Title Insurance Company is not associated or involved with the March 3, 2021 consent decree between Residential Mortgage and New York Department of Financial Services.

In early March, the New York State Department of Financial Services (“DFS”) entered into a consent order requiring Residential Mortgage Company to pay $1.5 million for failing to comply with Cybersecurity Regulation, Part 500 of Title 23 of the New York Code.  The steep financial penalty in the consent order is a stark reminder for companies subject to Part 500 to prioritize their compliance.

In February 2017, New York enacted a law that requires financial companies to implement and report detailed framework aimed at protecting consumer data privacy.  Part 500 of Title 23 of the New York Code applies to any organization regulated by DFS.   This regulation largely impacts the financial, banking, and insurance industries in the United States.  Entities that violate this law can incur penalties up to $250,000 for each day the violation occurs or one percent of total banking assets.

Companies subject to Part 500 have been awaiting the results of this matter because it is a matter of first impression.  On March 03, 2021, DFS reached its first full resolution under Part 500 with Residential Mortgage Services.  DFS and Residential Mortgage Services agreed to resolve this matter without further proceedings.  As a result, Residential Mortgage must pay a civil monetary penalty of $1.5 million within ten days of executing the consent order.  In making this determination, DFS assessed the extent to which Residential Mortgage cooperated with DFS in its investigation, Residential Mortgage’s financial resources and good faith in responding to this investigation, the gravity of the violation and the public interest.  In imposing this steep financial penalty, DFS sent a very clear message to other companies subject to Part 500: comply, comply, and comply.  In addition, DFS imposed a number of remedial measures on Residential Mortgage aimed at preventing future incidents by ensuring its cybersecurity systems and customer data are secure.  These measures include a cyber-security incident response plan, a cybersecurity risk assessment within 90 days of the order, and training and monitoring programs within 90 days of the order.

Advertisement
© Copyright 2021 Squire Patton Boggs (US) LLPNational Law Review, Volume XI, Number 103
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Alan L. Friel Data Privacy & Cybersecurity Attorney Squire Patton Boggs Los Angeles, CA
Partner

Alan Friel is the deputy chair of the firm’s Data Privacy & Cybersecurity Practice.

Alan is a thought leader in digital media, intellectual property, and privacy and consumer protection law, with three decades of relevant experience to address the intersection of law and technology.

Prior to joining the firm, Alan was a partner at a US law firm, where he led the US Consumer Privacy practice (in which he counseled clients on compliance with the California Consumer Privacy Act (CCPA) and other data privacy regimes), and the retail, restaurant and e-commerce industry...

213-689-6518
Ann J. LaFrance Data Privacy & Cybersecurity Attorney Squire Patton Boggs New York, NY & Washington DC
Partner

Ann LaFrance co-chairs the firm’s global Data Privacy & Cybersecurity Practice and is a senior member of the international Communications Practice.

In addition to advising clients on national and cross-border data privacy and cybersecurity matters, Ann has experience counselling clients on a broad range of legal and regulatory issues affecting the provision of internet and digital services, as well as advanced technologies. She has particular expertise advising on issues of concern to technology, media and telecommunications companies and she frequently serves as an adviser to...

212-872-9830
Associate

Katie Sharpless is a member of the Litigation Practice. She advises companies on complex business disputes.

Prior to joining the firm, Katie served as Judicial Extern to the Honorable Michael H. Simon, United States District Court, in Portland, Oregon. She also was a Submissions Editor and an Associate Editor on the Environmental Law Review. Katie also served as a research assistant, conducting extensive research on family separation and DACA litigation. She also helped draft articles, essays and book chapters on immigration law.

415-954-0254
Advertisement
Advertisement