Update: New York Cybersecurity Regulations Delayed featured image

Update: New York Cybersecurity Regulations Delayed

by John DiGiacomo

Partner

Data Breach

New York cybersecurity regulations were to take effect on January 1, 2017, as proposed by New York Governor Andrew Cuomo, which we wrote about here. But after leaders in the financial community voiced concern over the rules in late December, the effective date for the new cybersecurity regulations has been pushed back to March 1, 2017 after conducting a hearing on the matter. The proposed regulations will impact banks, financial institutions, and insurance providers conducting in New York. The regulations are meant to improve cybersecurity measures taken by all financial institutions in the state spanning from big Wall Street banks to local community banks.

The new regulations are designed to bring cybersecurity and cyber threat awareness to the attention of businesses that are heavily involved in financial matters for the public. These financial institutions are entrusted with the public’s hard-earned money, and there is an ever-increasing risk of data security breaches. Banks, financial institutions and insurance companies need to take responsibility for protecting customer data and accounts.  

A Rush to Comply With the New York Cybersecurity Regulations

The banks, financial institutions and the insurance companies have been fighting to get a compliance extension for the new regulations because for some compliance requires a lot of effort. Under the new cybersecurity regulations many entities must perform system upgrades, implement new security measures, and a number of plans need to be developed, all of which takes time to accomplish. Many entities covered under the new regulations were scrambling to get their systems into compliance, and for many it was a struggle.

More than 150 covered entities penned letters to New York lawmakers lobbying to get the deadline for compliance pushed back from the quickly approaching January 1 compliance date. Additionally, opponents to the new regulation urged lawmakers to amend the regulations. The proposed New York cybersecurity regulations will be made available for comment on December 28, 2016.

Issues Raised By Covered Entities About the New Regulations

Some of the concerns that were raised by banks and insurance companies include the cost associated with compliance is too high, the regulations are tough on the financial industry, and the new regulations are out of sync with other government entities that have been required to adopt cybersecurity regulations, such as the Federal Reserve and the Federal Deposit Insurance Corporation. Additionally, under the regulations, banks are also forced to hire Chief Information Security Officers if the bank does not already have one. Hiring new staff, especially staff with such a high level of skill and training takes time to identify the right person for the job.

Incident reporting is also a concern under the new regulations. All cybersecurity incidents would need to be reported under the new regulations, even if the threat is managed by the covered entity. Constant incident reporting will result in a lot of paperwork and cost, which banks are not keen on shouldering. Additionally, incident reports could be accessed by the public under the Freedom of Information Act, and the public could see how many threats New York banks and financial institutions regularly face, which could harm their reputation and could affect their business.

Contact a Cybersecurity Lawyer

The revision to the New York cybersecurity regulations just goes to show how this area of law is under a lot of pressure. Changes and revisions are being made all the time to address new cyber security threats and risk. Revision Legal works extremely hard to stay current on the dynamic nature of cyber security. Contact the experienced cybersecurity attorneys at Revision Legal using the form on this page or call us at 855-473-8474.

Image credit to Flickr user Alimuthuja.

Extra, Extra!
Recent Posts

The Minnesota Consumer Data Privacy Law: What Businesses Should Know (Part Two)

The Minnesota Consumer Data Privacy Law: What Businesses Should Know (Part Two)

Internet Law

In May 2024, Minnesota enacted the Minnesota Consumer Data Privacy Act (“MCDPA”). In Part One of this two-part article, the Consumer Data Protection Attorneys at Revision Legal discussed the consumer rights and consumer-facing business obligations imposed by the MCDPA, including additional consumer rights related to automated decisions that utilize profiling data. The MCDPA allows consumers […]

Read more about The Minnesota Consumer Data Privacy Law: What Businesses Should Know (Part Two)

Advantages of Forming Corporate Entities for Operating Your Business

Advantages of Forming Corporate Entities for Operating Your Business

Corporate

Under most circumstances, the experienced Business Lawyers at Revision Legal deem it prudent for clients to operate their businesses through a corporate entity like a standard corporation or a limited liability company. Of course, there are some circumstances where a partnership of some type might be the better option, but it would be a rare […]

Read more about Advantages of Forming Corporate Entities for Operating Your Business

The Minnesota Consumer Data Privacy Law: Summary For Consumers

The Minnesota Consumer Data Privacy Law: Summary For Consumers

Internet Law

In May 2024, Minnesota enacted a consumer data privacy statute called the Minnesota Consumer Data Privacy Act (“MCDPA”). About 20 States have enacted consumer data privacy statutes similar to the MCDPA, and the MCDPA follows the general template of those statutes. However, there are some unique and additional features of the MCDPA that are very […]

Read more about The Minnesota Consumer Data Privacy Law: Summary For Consumers

Put Revision Legal on your side

Let's Discuss Your Case