New York Cybersecurity Regulations
New York Shield Act
The Stop Hacks and Improve Electronic Data Security (SHIELD) Act protects personal and private data and impacts all New York businesses, even small businesses. Any business that has employees or customers who live in New York needs to implement this new policy, even if the business is based in another state or another country.
Requirements include implementing a cybersecurity program, conducting regular security risk assessments, conducting due diligence on all third-party vendors, testing and monitoring cybersecurity controls, maintaining cybersecurity policies and procedures, and training employees in cybersecurity awareness.
New York State Attorney General penalties are $5,000 for each violation and up to $250,000.
NYDFS 23 NYCRR 500
The New York Department of Financial Services (NYDFS) 23 NYCRR 500 regulation requires banks, financial services institutions, and insurance companies to create cybersecurity and data privacy compliance programs.
The NYDFS Cybersecurity Regulation sets out the cybersecurity requirements that financial services and insurance companies must comply with to protect their customers' confidential information and their IT systems from cyber attacks. Requirements include conducting regular security risk assessments, keeping asset use audit trails, providing defensive infrastructures, maintaining cybersecurity policies and procedures, and creating an incident response plan.
Compliance violations can incur fines of $250,000 or one percent of total banking assets.
Clarus Tech Partners Can Develop Your New York Cybersecurity Programs & Scan Your Systems for Compliance
With an office in New York, our Clarus Tech Partners team will assess your compliance and security risks, then design and implement a customized cybersecurity compliance program to meet your industry-specific needs for New York regulations.