New York's Far-Reaching Cybersecurity Law Takes Effect March 1 - Are You Ready?

Fisher Phillips
Contact

New York’s Department of Financial Services Cybersecurity regulation became effective March 1.  According to the press release issued with the regulation, the regulation is intended to require banks, insurance companies and "covered entities" to "establish and maintain a cybersecurity program designed to protect consumers' private data and ensure the safety and soundness of New York State's financial services industry.”  This regulation is the first of its kind in the U.S, and will likely serve as a model to other states looking to address cybersecurity.

The regulation requires all covered entities to meet minimum cybersecurity requirements to protect networks and customer data and outlines reporting requirements for breaches.  It has been estimated that over sixty percent of all breaches originate with third-party vendors.  In an attempt to get at this vulnerability, the regulation also requires that the banks, insurance companies and other businesses that fall under this regulation assess their third-party vendors to ensure they meet certain cybersecurity requirements.  If you are a vendor providing goods and services to an entity covered by the new regulation, now is the time to assess your organization’s compliance to ensure you remain a vendor of choice for your clients.    

As part of the regulation, firms must certify annual assessments and compliance, although some experts complain this requirement is not nearly rigorous enough to keep pace with the speed of developing risks.  If you are a covered entity or provide goods or services to a covered entity, take note that general assessments are not enough to comply with the new regulation – each entity must have its own risk assessment done and mitigation plan targeted at those specific, identified risks.  Compliance certifications will be due beginning in 2018.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fisher Phillips | Attorney Advertising

Written by:

Fisher Phillips
Contact
more
less

Fisher Phillips on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide