"3 key areas where the NYDFS ups the ante on cybersecurity" by Elizabeth E. McGinn (Westlaw Journal)
Westlaw JournalElizabeth E. McGinn
On March 1, the two-year transitional period under the New York State Department of Financial Services’ “Cybersecurity Requirements for Financial Services Companies” regulation expired, making all requirements effective.
The cybersecurity regulation marks a shift in the governance of cybersecurity. Previously, governmental agencies largely scrutinized a cybersecurity program after a security incident occurred, and even then focused primarily on the company’s notification to affected consumers whose personal information may have been compromised.
Now, New York requires businesses to certify annually that they have proactively built an appropriate security program and infrastructure with several concrete elements to protect sensitive information.
Originally published in Westlaw Journal; reprinted with permission.