Photo of Matti Mortimore

Matti Mortimore

Matti offers practical solutions to corporate matters.

After earning a graduate degree in philosophy, Matti wanted a career where he could offer practical help: as much as he enjoyed his original field, he wanted the opportunity to give clients clear solutions to their business problems. Matti was also drawn to the people-driven nature of law and business.

Matti’s research had focused heavily on economics, and his interest in markets translated into an enthusiasm for corporate, transactional, and securities matters. He is passionate about the ways businesses generate social wealth, and he loves the opportunity to help businesspeople grow their companies and contribute to their communities.

As a summer associate with Husch Blackwell, Matti assisted a variety of teams, including healthcare, real estate, litigation, corporate, and the newly established psychedelics practice group. He joined the firm as a full associate in 2023 and currently supports clients throughout the corporate transaction process.

At his core, Matti believes in truly understanding each client and their goals. He prioritizes genuine relationships built on trust and consideration, and he strives for complete client satisfaction. Matti embodies responsibility, consistently delivers on his promises, and is committed to serving clients as a trusted partner.

Follow:Read more about Matti MortimoreMatti's Linkedin Profile

Keypoint: Section 500.17(b) of 23 NYCRR Part 500 (“Part 500”) requires all non-exempt Covered Entities regulated by the New York Department of Financial Services to submit their annual notices of compliance by April 15th.

Businesses that are subject to the NYDFS Cybersecurity Regulations have four weeks left to submit their annual notices of compliance or acknowledge their noncompliance. When the regulations were amended in 2023, several of the new requirements were phased in over two years. Businesses cannot simply re-use their notice from last year, without confirming that the new obligations were met and preparing for the requirements going into effect in 2025.  

image

Keypoint: New York has amended its data breach notification law twice in the last 60 days to (1) add a 30-day deadline for notifying affected residents, (2) clarify that covered financial entities must still notify the New York Department of Financial Services (NYDFS) in accordance with existing NYDFS cybersecurity regulations, and (3) expand the prior definition of “private information” to include medical and health insurance information.

In the last sixty days, the New York legislature twice amended its data breach notification law. In the below article, we discuss the amendments and takeaways for covered businesses.

Keypoint: The New York State Department of Financial Services (NYDFS) issued an industry letter outlining the threats posed to U.S. companies who hire remote technology workers linked to North Korea and may embezzle funds from their new employers.

On November 1, 2024, NYDFS issued guidance warning companies against an increasing risk posed from individuals applying for employment in IT roles who are in fact operating on behalf of North Korea. These applicants seek employment in order to infiltrate western companies’ computer systems and illicitly generate revenue for the North Korean regime.

Keypoint: The New York Department of Financial Services (NYDFS) circulated an industry letter offering guidance to NYDFS “Covered Entities” for assessing and managing AI-related cybersecurity risks, including threats malicious actors using AI and the risks associated with a Covered Entity’s own AI systems.

The NYDFS industry letter (“Letter”) recognizes that Covered Entities can leverage AI to enhance their cybersecurity posture. The department contends that doing so would bolster entities’ compliance with NYDFS cybersecurity regulation 23 NYCRR Part 500 (“Part 500”).