From: CFO
New regulations in New York tie cybersecurity to access control, acceptable usage policy, and data retention.
Just last month, the New York Department of Financial Services and Governor Andrew Cuomo announced a series of new rules strengthening cybersecurity requirements for financial firms in the state of New York. This is the latest in a series of announcement aimed at protecting clients, consumers and financial entities from the “ever-growing threat of cyber-attacks.”
These mandates are interesting because not only do they dramatically expand the categories of data to be encrypted (the current draft calls for the “encryption of all nonpublic information held or transmitted”), but because they tie it tightly to access control, acceptable usage policy, and data retention. In short, simple encryption won’t be enough to comply with the New York DFS regulations.
Leave a Reply