New York state cyber security regulation to take effect March 1

1 Legal

1 Legal is a Division of 1 Media

1 Legal - 1 Lawyers - 1 Attorneys

 
Need Legal Clients  - Need a Lawyer
 
 

By Karen Freifeld and Jim Finkle | NEW YORK/BOSTON

NEW YORK/BOSTON New York state on Thursday
announced final regulations requiring banks and insurers to
meet minimum cyber-security standards and report breaches to
regulators as part of an effort to combat a surge in cyber crime
and limit damages to consumers.

The rules, in the works since 2014, followed a series of
high-profile data breaches that resulted in losses of hundreds
of millions of dollars to U.S. companies, including Target Corp
, Home Depot Inc and Anthem Inc.

They lay out unprecedented requirements on steps financial
firms must take to protect their networks and customer data from
hackers and disclose cyber events to state regulators.

“These strong, first-in-the-nation protections will help
ensure this industry has the necessary safeguards in place” to
protect businesses and clients “from the serious economic harm
caused by these devastating cyber-crimes,” Governor Andrew Cuomo
said in a statement.

The state in December delayed implementation of the rules by
two months and loosened some requirements after financial firms
complained they were onerous and said they would need more time
to comply.

The new rules call for banks and insurers to scrutinize
security at third-party vendors that provide them goods and
services. In 2005, the New York Department of Financial Services
found that a third of 40 banks polled did not require outside
vendors to notify them of breaches that could compromise data.

The revised rule requires firms to perform risk assessments
in order to design a program particular to them, and gives them
at least a year-and-a-half to comply with the requirements. The
final rule took into account the burden on smaller companies, a
spokeswoman for the agency said.

Covered entities must annually certify compliance.

Institutions subject to the regulation include
state-chartered banks, as well as foreign banks licensed to
operate in the state, along with any insurer that does business
in New York.

A task force of U.S. state insurance regulators is also
developing a model cyber security law, which individual state
legislatures could ultimately choose to adopt.



1 Lawyers
1 Lawyers

1 Legal

#1 Lawyers Search Engine

1 Legal is part of the 1 Search Project

Practice Areas - News - Federal - State - Contact Us


1 Legal

1 Legal is a Division of 1 Media

1 Legal - 1 Lawyers - 1 Attorneys

 
Need Legal Clients  - Need a Lawyer