13 March 2017

New York's Far-Reaching Cybersecurity Law Takes Effect March 1 - Are You Ready?

Fisher Phillips LLP

Contributor

Fisher Phillips LLP is a national law firm committed to providing practical business solutions for employers’ workplace legal problems. Labor and employment law is all the firm does, offering deep and broad knowledge and experience in the area of the law the attorneys know best. Fisher Phillips attorneys help clients avoid legal problems, are dedicated to providing exceptional client service, and are there when you need them. The firm has over 400 attorneys in 34 offices with 33 locations. Learn more at www.fisherphillips.com.

New York’s Department of Financial Services Cybersecurity regulation became effective March 1. According to the press release issued with the regulation, it is intended to require banks, insurance companies and "covered entities" to "establish and maintain a cybersecurity program designed to protect consumers' private data and ensure the safety and soundness of New York State's financial services industry." This regulation is the first of its kind in the U.S., and will likely serve as a model for other states looking to address cybersecurity.

The regulation requires all covered entities to meet minimum cybersecurity requirements to protect networks and customer data, and it outlines reporting requirements for breaches. It has been estimated that over sixty percent of all breaches originate with third-party vendors. To address this vulnerability, the regulation also requires the banks, insurance companies and other businesses that fall under it to assess their third-party vendors to ensure they meet certain cybersecurity requirements. If you are a vendor providing goods and services to an entity covered by the new regulation, now is the time to assess your organization’s compliance to ensure you remain a vendor of choice for your clients.

As part of the regulation, firms must certify annual assessments and compliance, although some experts complain this requirement is not nearly rigorous enough to keep pace with the speed of developing risks. If you are a covered entity or provide goods or services to a covered entity, take note that general assessments are not enough to comply with the new regulation: each entity must have its own risk assessment performed and a mitigation plan targeted at the specific risks identified. Compliance certifications will be due beginning in 2018.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
