NYDFS Issues Proposed Cybersecurity Regulations for the Financial Industry | Practical Law

The New York State Department of Financial Services (NYDFS) issued proposed cybersecurity regulations for banks, insurers, and other financial services institutions subject to its jurisdiction. These regulations would require covered entities to, among other things, develop cybersecurity programs and appoint a chief information officer.

Practical Law Legal Update w-003-4512 (Approx. 3 pages)

by Practical Law Intellectual Property & Technology
Published on 14 Sep 2016
USA (National/Federal)
On September 13, 2016, the New York State Department of Financial Services (NYDFS) issued a press release announcing proposed regulations aimed at protecting consumer data and financial systems from terrorism and other criminalities. In particular, these proposed regulations seek to require banks, insurance companies, and other financial services institutions regulated by the NYDFS to:
  • Establish a cybersecurity program that is designed to ensure the confidentiality, integrity, and availability of information systems.
  • Adopt a written cybersecurity policy containing policies and procedures to protect information systems and nonpublic information.
  • Designate a qualified individual to serve as Chief Information Security Officer responsible for:
    • overseeing and implementing the institution's cybersecurity program; and
    • enforcing its cybersecurity policy.
  • Design policies and procedures to ensure the security of information systems and nonpublic information that is accessible to third-party service providers.
The proposed regulations, which are subject to a 45-day notice and public comment period before finalization, will be the first of their kind in the nation.