All Articles

New York City - September 05, 2023 - Digital Edge responds to the dynamic regulatory landscape with its NYS DFS 500 compliance service on AWS, addressing the intricate mandates set by the New York State Department of Financial Services (NYS DFS). The NYS DFS 500 regulation imposes rigorous cybersecurity standards on financial institutions to safeguard sensitive data and operational integrity.

Crafted meticulously by Digital Edge's in-house compliance and cybersecurity legal experts, the NYS DFS 500 compliance service aligns seamlessly with the unique challenges faced by financial organizations. The integration of cloud services, cybersecurity, and compliance into a unified strategy empowers businesses to navigate NYS DFS regulations effectively.

"Our commitment to staying ahead of regulations and cybersecurity best practices led us to develop the NYS DFS 500 compliance service on the robust AWS platform," remarked Michael Petrov, CEO, Digital Edge. "This underscores our dedication to enhancing security while fulfilling regulatory requirements."

The NYS DFS 500 compliance service simplifies compliance attainment and maintenance, offering a comprehensive framework covering risk assessment, data protection, incident response, and ongoing monitoring. Leveraging AWS's advanced infrastructure, Digital Edge guarantees clients unmatched reliability, scalability, and security.

Digital Edge's holistic approach optimizes cost management and vendor relationships, allowing financial institutions to concentrate on core objectives. The launch of the NYS DFS 500 compliance service on AWS reinforces Digital Edge's commitment to transforming the financial industry by safeguarding operations and delivering unparalleled value.

For details on Digital Edge's NYS DFS 500 compliance service and its broader FinTech solutions, visit www.digitaledge.net.

About Digital Edge:

Digital Edge pioneers tailored cloud, cybersecurity, and compliance solutions for the FinTech and financial services sector. Armed with industry expertise, an in-house compliance team, and cybersecurity legal specialists, Digital Edge empowers clients to operate securely and compliantly. Through its comprehensive approach, Digital Edge helps clients navigate evolving cybersecurity challenges and enhance their market presence, driving the transformation of the financial industry.

For more, visit www.digitaledge.net

To see the listing on AWS Marketplace for DFS 500 click here

Digital Edge’s NYS DFS 500 Financial Services Security and Compliance Framework includes our DFS Reference Architecture which specifically guides customers in their AWS deployments and addresses the new requirements that have become a part of the NYS DFS 500 Law. 

The current cybersecurity laws and regulations landscape is complex and burdensome. Public cloud providers are trying to help automate and offload the weight of program implementation but there is still a long way to go.
New York State DFS introduced its 23 NYCRR 500 regulation that requires implementation of cybersecurity requirements for all covered entities.
 
Digital Edge’s team, backed by our legal, cybersecurity and heavy AWS expertise has analyzed DFS requirements and possible AWS implementation automation suggestions.
 
Download the DFS 500 PDF with highlights and comments that include the joint work of our team.

teamDigital needed to implement an updated management system for governance of information security. They needed a partner to implement ISO 27001, the leading international standard for information security 

The client was using a web hosting solution that was problematic and did not offer good response times.  As an online company and digital platform the client needed a highly reliable web hosting solution that could be both flexible and scalable, they also needed a managed services partner who could provide software support 24/7 and dev-ops for troubleshooting. The platform was being used by their client base mostly on evenings and weekends so a pay as you go pricing model would offer the best solution.

Digital Edge pivoted to work with the client to organize and streamline their AWS accounts.  Digital Edge also implemented data governance with rules of engagement and cloud modernization strategies leveraging the AWS Account Factory program.  By leveraging the Account Factory program they could help their client increase speed to market and delivery for their users. By  leveraging “best practices” around an AWS SaaS solution they could also improve their client’s security posture and compliance.

The California Privacy Rights Act (CPRA), slotted to go into effect January 1, 2023 has had a recent change.  The California Privacy Protection Agency Executive Director, Askan Solitani, recently announced in a 12/16 board meeting that release of the final rules of the CPRA will be pushed back to April, 2023, leaving a 3 month gap between the regulations effective date and publication of it's rule requirements.

Digital Edge delivers a digital transformation strategy for global fintech client to re-engineer their existing on-premise IT infrastructure and provide the client with Cloud modernization, acceleration and further transparency they were seeking for internal teams. 

Fund Count was seeking greater flexibility to their on-premise colocation solution and wanted an alternative deployment option for their customers that could reduce lengthy deployment times.  Digital Edge proposed a hybrid solution that would work alongside Fund Count’s on-premise, client private hosted cloud application,  proposing an AWS - Software-as-a Service (SaaS) option.  

Does your company do any business with California residents or businesses? Do you have even one employee in California? Do you generate $25 million or more in gross revenue?  Are you a service provider or contractor for a California based company that is subject to the GDPR?

If so, you should know by now that in a mere 2 ½ months the “California Privacy Rights Act” (CPRA) enforcement will begin, and with it some much-expanded privacy rights of California residents, and some much-expanded privacy obligations for businesses. 

Background:

The CPRA is the most robust consumer privacy law in the United States. In November 2020, California voters approved the California Privacy Rights Act of 2020, otherwise known as the CPRA. This is an amendment to the California Consumer Privacy Act (CCPA) that voters approved in 2018. 

The CPRA has now modified, expanded, and clarified privacy rights for California residents, and it takes inspiration from the EU’s GDPR policy in a variety of ways. For instance, the CPRA creates a new enforcement agency. Previously the CCPA was enforced by the California Office of the Attorney General. However, in the EU, GDPR is enforced by data protection authorities –– and now, California has implemented one, too: the California Privacy Protection Agency (CPPA). 

Purpose:

CPRA’s purpose is to redefine and expand the California Consumer Privacy Act (CCPA) in order to strengthen the rights of residents of California. It provides consumers greater opportunity to opt out and requires deliberate data privacy management from businesses.

California has made it clear that they are serious. These rights can and will be enforced by private citizens, all California district attorneys, and the newly created “California Privacy Protection Agency” mentioned above and created solely to enforce privacy laws.

What are these rights?

The CPRA expands and amends the previous California privacy laws. Taken together they consist of the following bundle of privacy rights:

1. Right to Access personal information.
2. Right to Delete personal information.
3. Right to Correct personal information.
4. Right to Object to Selling personal information.
5. Right to Opt-Out of behavioral profiling and automated decision making.
6. Right to Object to the Use of Sensitive Information.
7. Right to Data Portability.

But that’s not all:

1. Purpose Limitation – Personal information can only be used for the purpose it was originally collected.
2. Children’s Data – Fines are now tripled for violating the privacy rights of children under 16.
3. Storage Limitation – Personal information must be destroyed once it has been used for its purpose at collection.
4. *Reasonable Cybersecurity Controls – Security controls must be commensurate with the sensitivity of the data you are protecting. This part by itself is just as big an undertaking as complying with the rest of the CPRA.

What are the penalties? 

$2,000 per offense for mistakes, $2,500 per offense for negligent mistakes, and $7,500 per offense for intentional offenses.

Please be aware – These offenses are accumulative and every California resident impacted by the same event will constitute a separate offence.

This can mean fines well into the millions of dollars

So far, under the CCPA (the current main California Privacy law) there has been numerous private settlements reaching into the millions of dollars including a recent one for $10 million - and just this past August Sephora was fined $1.2 million by the California Attorney General.

Becoming compliant with the CPRA is not an easy task, you will need to find out where every bit of personal data comes from and how it is handled. Then you will need to figure out how to actually comply with the law which will take policies and procedures and technical implementations. We at Digital Edge are experts in compliance and can assist you in developing a strategy and plan to ensure your business is protected and align with the January 2023 deadlines.

For more information contact sales@digitaledge.net