News Round Up: New York Cybersecurity Regulation

February 20 09:06 2017

New rules for banking and insurance sectors

A new cybersecurity regulation came into effect on the 1st of March in New York. The requirements aim to address the threat of hacking by ensuring adequate defences are in place. Steps include developing a cybersecurity program and having written policies to address access controls, business continuity and data governance. Annual reports are also required to be sent to the company’s board of directors, and organisations must have a written incident report plan.

The regulation requires cybersecurity incidents to be reported within 72 hours, echoing a similar requirement in the EU General Data Protection Regulation for breaches of personal data to be reported within 72 hours. The GDPR will come into effect in May 2018 and will harmonise data privacy rules across the EU. It also applies globally to companies that use the data of any EU citizens. Harmonisation of international rules is beneficial in establishing an excellent global standard of data privacy and making it easier for companies to abide by international requirements.

Organisations will have 180 days to comply and potentially longer for some of the provisions, allowing a grace period to implement the requirements. There is some concern that organisations won’t have enough time to be fully compliant.

New York is known as a financial capital and is a likely target for cyber attacks. The New York Cybersecurity Regulation is thought to be the first of its kind to be taken on by a U.S. state and it’s possible that other states may follow its lead in future.

A change is going to come

The introduction of the New York Cybersecurity Regulation and the General Data Protection Regulation indicates an intention to increase data protection on a substantial scale. The regulations will affect some of the largest and most international companies, allowing a bigger impact globally and encouraging other companies and countries to maintain a similar standard.

About Article Author

GDPR Associates