Cybersecurity Compliance Emphasized at MBA's Legal Issues and Regulatory Compliance Conference
Privacy, Cyber & AI Decoded Alert | 2 min read
Jun 3, 2021
With cybersecurity legislation and regulation sweeping the country in response to a series of high-profile hacking and ransomware attacks, it was little surprise that cybersecurity was a topic at the recently concluded Mortgage Bankers Association's Conference on Legal Issues and Regulatory Compliance. A major takeaway at the conference was that lenders and servicers with consumer-facing platforms that collect personal information should review their cybersecurity policies immediately. Simply waiting for an agency inquiry, investigation, or a breach could result in dire financial and reputational consequences.
To illustrate this point, one speaker at the conference noted the enforcement action commenced by the New York State Department of Financial Services (DFS) in July of 2020 against a leading title insurance company, alleging violations of DFS's Cybersecurity Regulation 23 NYCRR 500 (Regulation 500). Among other things, Regulation 500 requires that most financial institutions and other regulated businesses operating in New York have a robust written cybersecurity program informed by periodic risk assessments. The program should also include a plan to respond to and recover from cybersecurity incidents and trained cybersecurity personnel. Covered entities are further required to submit a certificate of compliance to DFS. Failure to adhere to the mandates of Regulation 500 subjects violators to penalties of $1,000 per incident.
DFS alleged that the insurer failed to follow its own cybersecurity policy after a vulnerability in its system exposed millions of files containing consumers' personal information, including bank account and social security numbers. DFS further alleged that the insurer misclassified the vulnerability as "low" in severity; failed to conduct a reasonable investigation into the scope and cause of the exposure; failed to utilize cybersecurity personnel; and falsely certified its compliance with Regulation 500. A hearing is scheduled for August of this year.
All businesses that collect the personal data of consumers should take heed of this enforcement action and adopt the following best practices:
- Follow written cybersecurity programs;
- Conduct regular risk assessments to detect vulnerabilities and update cybersecurity programs accordingly;
- Do not underestimate the level of risk associated with a vulnerability;
- Train and utilize cybersecurity personnel; and
- Adhere to representations concerning cybersecurity programs.
If you are unsure if your organization is in compliance with cybersecurity laws like Regulation 500, you should contact a trained legal professional for an assessment as soon as possible. Other than DFS and the Federal Trade Commission, agencies such as the Consumer Financial Protection Bureau and the Securities & Exchange Commission have shown an increased appetite for regulating and enforcing digital practices and risks. Now is the time to ensure that your organization is in compliance.
Related People
Related Capabilities
Featured Insights

Webinar
Jul 14, 2026
Scott Seaman Presents on Horizontal vs. Vertical Exhaustion of Insurance

Event
July 13-15, 2026
Hinshaw Proudly Sponsors 2026 Lavender Law Conference and Career Fair

Healthcare Alert
Jul 8, 2026
A New Era of Compliance Standards for California DSOs and MSOs After the Aspen Dental Settlement

Insights for Insurers Alert
Jul 7, 2026
What Insurers Need to Know About California’s FAIR Plan Assessment Recoupment Guidance

In The News
Jul 6, 2026
Francesco Palanda’s Practical Guide for Mitigating AI-Related Business Interruption Risk

Lawyers' Lawyer Newsletter
Jun 29, 2026
Beyond Malpractice: The Rising Threat of Privacy and Statutory Claims Against Lawyers

In The News
Jun 26, 2026
Brian McGrath Discusses Far-Reaching Impact of a NY Foreclosure Ruling on Mortgage Industry

In The News
Jun 26, 2026
Jason Oliveri Discusses AI Companions in Elder Care and the Risks for LGBTQ+ Residents




