New cybersecurity regulations issued by the NYDFS define the nonpublic information they regulate in exceptionally broad terms. This expanded definition of Nonpublic Information will create major challenges for regulated companies and their third-party service providers that will likely ripple through other ancillary industries.
The regulation’s implementation stages are complex and ongoing. NYDFS-regulated entities were required to have a cybersecurity program and detailed NPI safeguards in place as of August 28, 2017. More rigorous implementation stages will follow in 2018 and 2019.
Please see full publication below for more information.