Jul. 15, 2026

Compliance Lessons From NYDFS’ Delta Dental Settlement

For companies subject to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation, the agency’s recent settlement with Delta Dental Insurance Company and Delta Dental of New York, Inc. (collectively, Delta Dental) serves as a reminder that gaps in data governance and incident reporting can carry significant enforcement consequences. The NYDFS imposed a $2.25‑million fine on Delta Dental after alleging it failed to maintain required data retention controls and to timely report a breach. This article examines key aspects of the consent order and offers practical compliance lessons, drawing on insights from experts, including former NYDFS officials, at Clifford Chance, Crowell & Moring, Mayer Brown and Pillsbury. See “Practical Compliance Implications From NYDFS’ Healthplex Settlement” (Sep. 17, 2025).

How the Whole-of-State Movement Is Protecting the Community Organizations the Private Sector Depends On

Some of the organizations most essential to daily economic life – rural hospitals, schools, municipalities, local utilities and small businesses – are also the least equipped to defend themselves against cyberattacks, even as they hold troves of sensitive data. When these “target-rich, resource-poor” organizations are knocked offline, the disruption ripples outward to the businesses, workers and communities that rely on them. A growing “whole-of-state” movement is beginning to address these organizations’ weaknesses through community cyber defense programs that pair local cybersecurity talent with the entities that need it most. In this guest article, Grace Menna, senior fellow of public interest cybersecurity at UC Berkeley Center for Long-Term Cybersecurity, explains how these programs work, why the resilience of smaller organizations is a business-continuity issue for the private sector, and the concrete, often low-cost, ways legal and compliance professionals can help, through pro bono counsel, technical volunteering, advocacy and funding, to strengthen the infrastructure on which their own operations depend. See “CISA and Chamber of Commerce Officials Discuss Cyber Essentials’ Six Pillars for Small Businesses” (Aug. 4, 2021).

Safeguards for Using AI in Legal Practice

Lawyers, judges, legal departments and courts are all struggling to figure out how to fit AI into their legal work, what it can and cannot do, what risks must be managed, and how to use it without sacrificing judgment, skill and professional responsibility. As legal professionals grapple with this defining moment, the focus has shifted from whether to use AI to how to use it responsibly and effectively. At a recent panel discussion, experts from the bench, academia, law firms and the tech sector discussed AI training, a framework of safeguards, use documentation and privilege. This article distills their insights, priorities and strategies. See “How Tech CLOs Think Attorneys Should Be Using AI” (Apr. 22, 2026).