Update: New York Cybersecurity Regulations Delayed featured image

Update: New York Cybersecurity Regulations Delayed

by John DiGiacomo

Partner

Data Breach

New York cybersecurity regulations were to take effect on January 1, 2017, as proposed by New York Governor Andrew Cuomo, which we wrote about here. But after leaders in the financial community voiced concern over the rules in late December, the effective date for the new cybersecurity regulations has been pushed back to March 1, 2017 after conducting a hearing on the matter. The proposed regulations will impact banks, financial institutions, and insurance providers conducting in New York. The regulations are meant to improve cybersecurity measures taken by all financial institutions in the state spanning from big Wall Street banks to local community banks.

The new regulations are designed to bring cybersecurity and cyber threat awareness to the attention of businesses that are heavily involved in financial matters for the public. These financial institutions are entrusted with the public’s hard-earned money, and there is an ever-increasing risk of data security breaches. Banks, financial institutions and insurance companies need to take responsibility for protecting customer data and accounts.  

A Rush to Comply With the New York Cybersecurity Regulations

The banks, financial institutions and the insurance companies have been fighting to get a compliance extension for the new regulations because for some compliance requires a lot of effort. Under the new cybersecurity regulations many entities must perform system upgrades, implement new security measures, and a number of plans need to be developed, all of which takes time to accomplish. Many entities covered under the new regulations were scrambling to get their systems into compliance, and for many it was a struggle.

More than 150 covered entities penned letters to New York lawmakers lobbying to get the deadline for compliance pushed back from the quickly approaching January 1 compliance date. Additionally, opponents to the new regulation urged lawmakers to amend the regulations. The proposed New York cybersecurity regulations will be made available for comment on December 28, 2016.

Issues Raised By Covered Entities About the New Regulations

Some of the concerns that were raised by banks and insurance companies include the cost associated with compliance is too high, the regulations are tough on the financial industry, and the new regulations are out of sync with other government entities that have been required to adopt cybersecurity regulations, such as the Federal Reserve and the Federal Deposit Insurance Corporation. Additionally, under the regulations, banks are also forced to hire Chief Information Security Officers if the bank does not already have one. Hiring new staff, especially staff with such a high level of skill and training takes time to identify the right person for the job.

Incident reporting is also a concern under the new regulations. All cybersecurity incidents would need to be reported under the new regulations, even if the threat is managed by the covered entity. Constant incident reporting will result in a lot of paperwork and cost, which banks are not keen on shouldering. Additionally, incident reports could be accessed by the public under the Freedom of Information Act, and the public could see how many threats New York banks and financial institutions regularly face, which could harm their reputation and could affect their business.

Contact a Cybersecurity Lawyer

The revision to the New York cybersecurity regulations just goes to show how this area of law is under a lot of pressure. Changes and revisions are being made all the time to address new cyber security threats and risk. Revision Legal works extremely hard to stay current on the dynamic nature of cyber security. Contact the experienced cybersecurity attorneys at Revision Legal using the form on this page or call us at 855-473-8474.

Image credit to Flickr user Alimuthuja.

Extra, Extra!
Recent Posts

Fairness Factors For Your College NIL Agreement

Fairness Factors For Your College NIL Agreement

Corporate

In May 2025, as part of a settlement of litigation involving college football, a new entity was created called the College Sports Commission (“CSC” or “Commission”). See news media reports here and here. Among many other purposes, the CSC will monitor and approve name, image, and likeness (“NIL”) agreements for college athletes. As the term […]

Read more about Fairness Factors For Your College NIL Agreement

Is a “Fanciful” Trademark the Best Type of Trademark?

Is a “Fanciful” Trademark the Best Type of Trademark?

Trademark

Trademarks are words, designs, symbols, logos, and other things that are used/associated with goods or services that identify the specific commercial source of the goods/services. COCA-COLA, APPLE, and GUCCI are just a few famous examples. If COCA-COLA is on the bottle, consumers know what to expect from the beverage in the bottle. The same for […]

Read more about Is a “Fanciful” Trademark the Best Type of Trademark?

Put Revision Legal on your side