Craig Carpenter Quoted in JD Supra on Cybersecurity

“New York Eyes New Cybersecurity Rules for Banks and Vendors”

Craig Carpenter, a data privacy and cybersecurity attorney with Thompson & Knight LLP, said many of the issues raised in the DFS letter, such as requiring a written cybersecurity plan or expectations from vendors, are already covered by state or federal regulations. But he said that New York’s early proposals “go a step beyond many of the existing, vague regulations to require specific cybersecurity ‘best practices’ by including, for example, detailed descriptions of the required contents of a company’s cybersecurity policy and vendor agreements and requiring encryption of data at rest and specific penetration and vulnerability testing requirements.”