A new cybersecurity regulation from the New York State Department of Financial Services (NYDFS) is now in effect. Its purpose is similar to that of Europe’s GDPR. The regulation forces financial companies – banks, credit unions, insurance providers, etc. – to take actions to protect customers’ data.
For example, they must have policies for safely deleting personal information and must notify NYDFS within 72 hours if there’s a cybersecurity event. Even if a company isn’t located in New York, it will be forced to follow these regulations if it has a branch in the state. Ultimately, the regulations are a sign that governments are now taking cybersecurity more seriously.
Key Takeaways:
- The regulation is similar to Europe’s GDPR in its intent to protect citizens’ data.
- New York financial companies will have to notify NYDFS of a cybersecurity event within 72 hours.
- The regulation applies to banks, credit unions, mortgage lenders, and insurance companies, among others.
“Since its announcement, this set of requirements has undergone a few changes, and its legal language can be unclear.”
Read more: https://www.makeuseof.com/does-nydfs-cybersecurity-regulation-apply/
