Update: New York Cybersecurity Regulations Delayed featured image

Update: New York Cybersecurity Regulations Delayed

by John DiGiacomo

Partner

Data Breach

New York cybersecurity regulations were to take effect on January 1, 2017, as proposed by New York Governor Andrew Cuomo, which we wrote about here. But after leaders in the financial community voiced concern over the rules in late December, the effective date for the new cybersecurity regulations has been pushed back to March 1, 2017 after conducting a hearing on the matter. The proposed regulations will impact banks, financial institutions, and insurance providers conducting in New York. The regulations are meant to improve cybersecurity measures taken by all financial institutions in the state spanning from big Wall Street banks to local community banks.

The new regulations are designed to bring cybersecurity and cyber threat awareness to the attention of businesses that are heavily involved in financial matters for the public. These financial institutions are entrusted with the public’s hard-earned money, and there is an ever-increasing risk of data security breaches. Banks, financial institutions and insurance companies need to take responsibility for protecting customer data and accounts.  

A Rush to Comply With the New York Cybersecurity Regulations

The banks, financial institutions and the insurance companies have been fighting to get a compliance extension for the new regulations because for some compliance requires a lot of effort. Under the new cybersecurity regulations many entities must perform system upgrades, implement new security measures, and a number of plans need to be developed, all of which takes time to accomplish. Many entities covered under the new regulations were scrambling to get their systems into compliance, and for many it was a struggle.

More than 150 covered entities penned letters to New York lawmakers lobbying to get the deadline for compliance pushed back from the quickly approaching January 1 compliance date. Additionally, opponents to the new regulation urged lawmakers to amend the regulations. The proposed New York cybersecurity regulations will be made available for comment on December 28, 2016.

Issues Raised By Covered Entities About the New Regulations

Some of the concerns that were raised by banks and insurance companies include the cost associated with compliance is too high, the regulations are tough on the financial industry, and the new regulations are out of sync with other government entities that have been required to adopt cybersecurity regulations, such as the Federal Reserve and the Federal Deposit Insurance Corporation. Additionally, under the regulations, banks are also forced to hire Chief Information Security Officers if the bank does not already have one. Hiring new staff, especially staff with such a high level of skill and training takes time to identify the right person for the job.

Incident reporting is also a concern under the new regulations. All cybersecurity incidents would need to be reported under the new regulations, even if the threat is managed by the covered entity. Constant incident reporting will result in a lot of paperwork and cost, which banks are not keen on shouldering. Additionally, incident reports could be accessed by the public under the Freedom of Information Act, and the public could see how many threats New York banks and financial institutions regularly face, which could harm their reputation and could affect their business.

Contact a Cybersecurity Lawyer

The revision to the New York cybersecurity regulations just goes to show how this area of law is under a lot of pressure. Changes and revisions are being made all the time to address new cyber security threats and risk. Revision Legal works extremely hard to stay current on the dynamic nature of cyber security. Contact the experienced cybersecurity attorneys at Revision Legal using the form on this page or call us at 855-473-8474.

Image credit to Flickr user Alimuthuja.

Extra, Extra!
Recent Posts

FTC Adopts Final “Click to Cancel Rule”

FTC Adopts Final “Click to Cancel Rule”

Internet Law

The Federal Trade Commission (FTC) has issued final amendments to its trade regulation rule concerning negative option plans, also known as the “click to cancel rule.” This rule aims to address widespread deceptive practices that prohibit customers from cancelling services in the same manner in which they signed up. Here’s a detailed summary of the […]

Read more about FTC Adopts Final “Click to Cancel Rule”

Understanding Product Liability Law for Ecommerce Merchants

Understanding Product Liability Law for Ecommerce Merchants

Internet Law

Introduction Being an ecommerce merchant is hard; you have to keep an eye on your advertising spend, control your inventory, and make sure your customers are happy. Additionally, you also have to navigate a complex landscape of legal responsibilities. One of these areas, which is often overlooked, is product liability. Product liability law holds manufacturers, […]

Read more about Understanding Product Liability Law for Ecommerce Merchants

Understanding the Role of Internet Privacy Attorneys: Key Issues They Handle

Understanding the Role of Internet Privacy Attorneys: Key Issues They Handle

Internet Law

Introduction In our increasingly digital world, the significance of internet privacy is paramount. Internet privacy attorneys are essential in safeguarding the rights of individuals and organizations against various privacy-related challenges. This blog post delves into the key issues these attorneys address. Data Breaches and Cybersecurity Data breaches occur when sensitive information is accessed or disclosed […]

Read more about Understanding the Role of Internet Privacy Attorneys: Key Issues They Handle

Put Revision Legal on your side