New York State Archives - Data Privacy and Security™

January 10, 2017 Cybersecurity / Regulation

NYDFS Issues Updated Cybersecurity Regulation

The New York Department of Financial Services (NYDFS) recently issued an updated version of its proposed cybersecurity regulation, “Cybersecurity Requirements For Financial Services Companies” (23 NYCRR 500). The updated proposed regulation reflects several of the comments offered during the initial public notice and comment period that concluded on November 14, 2016. Some of the most noteworthy changes in the revision are as follows:

Section 500.04 — NYDFS clarified that while a Covered Entity must designate a qualified individual to perform the responsibilities

May 4, 2016 Cyber Attacks

Forty Percent Increase in New York State Data Breaches

On Wednesday, May 4, 2016, New York State Attorney General Eric T. Schneiderman announced a 40 percent increase in reports of data breaches during 2016 as compared with the same time frame last year. As in a growing number of states and federal agencies, New York’s Information Security Breach & Notification Act, enacted in 2005, requires all individuals and organizations conducting business in New York to report any unauthorized access to personal information to affected individuals, law enforcement and other government officials. According to the… Continue Reading

April 8, 2015 Cyber Risk / Cybersecurity

NY Dept. of Financial Services Requests Detailed Cyber Security Reports From Insurers

Cyber security is clearly one of the highest priorities — if not the top concern — for regulators in 2015. Late last month, the New York Department of Financial Services (DFS) sent more than 160 licensed insurers a New York Insurance Law Section 308 Letter seeking a detailed report regarding their cyber security practices and procedures. The Section 308 Letter — to which there is now less than three weeks to respond — also provides greater insight into the scope of cyber security examinations that… Continue Reading