October 18, 2019

October 18, 2019

Subscribe to Latest Legal News and Analysis

October 17, 2019

Subscribe to Latest Legal News and Analysis

October 16, 2019

Subscribe to Latest Legal News and Analysis

New York State Proposes Cybersecurity Regulation Impacting Banks, Insurance Companies & Other Financial Services Institutions

New York Governor Andrew M. Cuomo announced yesterday a new proposed regulation to address the growing threat posed by cyber-attacks. According to the State’s press release, the proposed regulation, which is subject to a 45-day notice and public comment period before final issuance, “aims to protect consumer data and financial systems from terrorist organizations and other criminal enterprises.”  In the past 18 months, several other states – including Connecticut, Nevada, and Washington – have also taken legislation action to promote greater protection against cyber-threats.

New York StateOnce in place, New York’s regulation will require regulated organizations – specifically banks, insurance companies, and other financial services institutions regulated by the State’s Department of Financial Services – to: (1) establish a cybersecurity program; (2) adopt a written cybersecurity policy; (3) designate a Chief Information Security Officer; and (4) implement policies and procedures designed to ensure the security of information systems. The Department of Financial Services has published guidance fleshing out each of the foregoing requirements.

In the wake of Gov. Cuomo’s announcement, banks, insurance companies, and subject financial services institutions that do business in New York should carefully review their current programs, policies, and procedures to evaluate what action, if any, they will need to take to comply with the new obligations contemplated by the State’s proposed regulation.

Jackson Lewis P.C. © 2019


About this Author

Damon Silver, Employment Lawyer, Corporate Matters, Jackson Lewis

Damon W. Silver is an Associate in the New York City, New York, office of Jackson Lewis P.C.

In his Privacy, e-Communication and Data Security practice, Mr. Silver advises clients in various industries on compliance with federal and international privacy laws, including HIPPA, the ADA, GINA, FMLA, the TCPA, FCRA, and the EU-U.S. Privacy Shield. He also provides guidance to organizations on data breach prevention and response. 

In the area of employment litigation, Mr. Silver defends...