First State-Mandated Cybersecurity Law Goes Into Effect In New York

The first state-mandated cybersecurity regulations in the nation went into effect Wednesday in New York State, requiring a wide range of financial services, banks and insurance firms to adopt measures aimed at protecting client data.

The rules, which the New York Department of Financial Services proposed in September and finalized Feb. 20, contain 23 sections detailing specific actions firms must have in place, including data encryption, appointing a chief information security officer, training employees in security, multi-factor authentication, and annual evaluations from a senior officer. The rules affect any companies regulated by New York DFS, as well as any third party vendor that has access to the data.  MORE