A Proposed New York State Regulation Requires First-Of-Their-Kind Cybersecurity Requirements for Financial Services Companies

Bond Schoeneck & King PLLC

On September 13, 2016, New York Governor Andrew Cuomo announced that a first-of-its-kind cybersecurity regulation has been proposed by the New York State Department of Financial Services (DFS) to further protect New York State from data breaches and cyberattacks.

The proposed regulation requires DFS-regulated financial services institutions, including, but not limited to, banks, insurance companies, money service businesses and regulated virtual currency operators, to do the following:

  • establish a cybersecurity program designed to ensure confidentiality, integrity and availability of information systems;
  • adopt a written cybersecurity policy setting forth policies and procedures for the protection of their information systems and nonpublic information;
  • designate a qualified individual to serve as a Chief Information Security Officer responsible for overseeing, implementing and enforcing the cybersecurity program and policy;
  • adopt policies and procedures designed to ensure the security of information systems and nonpublic information accessible to, or held by, third parties; and
  • abide by a series of additional requirements to protect the confidentiality, integrity and availability of information systems.

Governor Cuomo said that "[t]his regulation helps guarantee the financial services industry upholds its obligation to protect consumers and ensure that its systems are sufficiently constructed to prevent cyber-attacks to the fullest extent possible."

The proposed regulation is subject to a 45-day notice and public comment period before its final issuance. The majority of the requirements in the proposed regulation are already suggested by the Federal Financial Institutions Examination Council, a panel of regulators including the Federal Deposit Insurance Corp., the Federal Reserve and the Office of the Comptroller of the Currency.

As this proposed regulation makes clear, New York State is becoming increasingly serious about imposing and enforcing requirements on financial institutions to ensure they are taking proper measures to protect New York State from data breaches and cyberattacks.

The full proposed regulation can be accessed at: http://www.dfs.ny.gov/legal/regulations/proposed/rp500t.pdf.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bond Schoeneck & King PLLC | Attorney Advertising
