Mary J. Hildebrand CIPP/US/E speaks with Cybersecurity Law Report about how New York’s Department of Financial Services (NYDFS) leverages other states’ laws to enforce cybersecurity compliance, as demonstrated in two recent consent orders imposing $4.5 million in penalties on companies for failure to notify NYDFS of phishing incidents that morphed into data breaches. Hildebrand says, “The agency is saying that if you have to notify anybody else, then you have to notify us, too.” Further extending its regulatory reach, NYDFS prohibited one company from using insurance proceeds to pay penalties, a development Hildebrand calls “unusual.”