On November 9, 2015, former Acting New York Superintendent of Financial Services requested input from federal and state regulators on proposed rules from the New York State Department of Financial Services designed to protect customer account information and financial institutions' information technology systems. The rules would, among other things, require banks and insurers to conduct annual penetration testing and designate a qualified employee to serve as chief information security officer responsible for overseeing, implementing, and enforcing cybersecurity programs and policies. The rules also provide for additional notification requirements in the event of a cybersecurity incident that has a "reasonable likelihood of materially affecting the normal operation" of the company.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.