In February 2017, the New York State Department of Financial Services (“DFS”) finalized a new set of cybersecurity regulations that governs New York’s banking, insurance, and financial services industries. Entities in those industries are required to develop and implement cybersecurity programs tailored to their individual risk levels. See Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.§ 500.02.
The Federal Communications Commission (“FCC”) adopted rules in 2016 that restricted Internet Service Providers (“ISPs”), such as Verizon, AT&T, and Comcast, from sharing sensitive data, including browsing history and location data, without consumer consent. We discussed these groundbreaking rules in our previous blog post.
The new NYS DFS cybersecurity regulations will have international reach.
Even in today’s day and age, data security issues are sometimes (much too often, in fact) shuffled aside by C-suite executives who are stuck believing that network security is a concern for the IT department, not those who run the company on a day-to-day basis.
Last Thursday, Governor Martinez of New Mexico signed into law the 48th state-level data breach notification law, bringing the requirements for notifying individuals affected by data breaches to this state.