NY Financial Services Department Finalizes "First-in-Nation" Cybersecurity Rules

These new rules impose significant burdens on entities subject to regulation by the DFS and, potentially, significant penalties and sanctions for failure to comply. Entities covered by the rules now have only six months to meet many of the rules' new requirements.
Cadwalader Special Counsel Joseph Facciponti

The New York Department of Financial Services ("DFS") adopted the final version of its "first-in-nation" cybersecurity rules (see previous coverage). Generally, the rules require a wide range of insurance, banking and financial services companies to adopt robust cybersecurity programs in order to protect sensitive and confidential data from theft or harm by cybercriminals.

In a related memorandum, lawyers outline how the revised cybersecurity rules clarify notice and recordkeeping requirements and provide new exemptions to certain types of entities.

Commentary

The final version of the rules leaves nearly all of the stringent requirements of New York's new cybersecurity regulations intact, sending a clear message that New York intends to lead the nation in protecting sensitive corporate systems and data from cyber attacks. These new rules impose significant burdens on entities subject to regulation by the DFS and, potentially, significant penalties and sanctions for failure to comply. Entities covered by the rules now have only six months to meet many of the rules' new requirements.
