At the Intersection of Technology, Law, and Business
March 23, 2017 - Privacy + Data Security

New York Cybersecurity Regulations: What Do They Mean, and When Do They Mean It By?

Biometric Information as Personal Information In A Brave New World of Regulatory Compliance

The New York State Department of Financial Services (NYDFS) has released guidance for covered financial institutions regarding its cybersecurity rule (the “Cybersecurity Rule” or “Rule”) that took effect on March 1, 2017.

While the guidance appears intended to assist covered financial institutions time approaches for the first of the Rule’s phased compliance deadlines less than six months away, it’s unlikely to make the implementation challenges to financial institutions less daunting.

The Rule requires that covered financial institutions adopt detailed programs, policies and procedures to protect Information Systems and some sensitive business and consumer information from cybersecurity threats.

Covered financial institutions now have less than six months to establish compliance with the first Cybersecurity Rule’s requirements. This means covered financial institutions will need to rapidly: (1) assess the current state of their information security programs and what modifications may be required based on the policies and controls required by the Rule; and (2) consider new processes that might need to be created to meet the Rule’s reporting, recordkeeping, and certification requirements.

The Client Alert provides a summary of key obligations and issues under the Cybersecurity Rule.

Read the full Client Alert.