On April 22, 2026, Rep. Brett Guthrie (R-KY), chairman of the House Committee on Energy & Commerce, and Rep. John Joyce (R-Pa.), leader of the Energy and Commerce Data Privacy Working Group and chairman of the Energy and Commerce Subcommittee on Oversight and Investigations, introduced HR 8413, the Securing and Establishing Consumer Uniform Rights and Enforcement Over Data Act (the “SECURE Data Act”).
As cybersecurity breaches grow more complex and frequent, regulators are increasingly focused on organizational compliance. Organizations such as Crowdstrike report that in 2025, cyberattacks are increasing in speed, volume, and sophistication—and cybercrime has evolved as a “highly efficient business.” The escalating threat landscape demands robust security frameworks that can withstand evolving risks.
Enter the amendments announced in November 2023 to the New York’s Department of Financial Services (NYDFS) Cybersecurity Regulation, 23 NYCRR Part 500 (“Amended Regulation”), that became effective on November 1, 2025. This post explores the breadth of these Amended Regulations, and the steps that covered entities need to take now.
Blog Editors
Recent Updates
- Connecticut Joins Growing Number of States Regulating Workplace AI and Mandating Notice for Certain AI Uses as Well as Imposing New Disclosure Requirements for Certain Reductions in Force
- Watch: EEO-1 Reports, Remote Work, and Non-Compete Restrictions in Tennessee - Employment Law This Week
- Chicago Paid Leave Rules Clarified and Now in Effect
- Chicago Recalibrates Fair Workweek Rules, Which Took Effect June 1
- Illinois’ Proposed Notice Rules for Complying with Workplace AI Anti-Discrimination Law