This month the State of New York began sending notifications of non-compliance to businesses covered by New York’s recently enacted cybersecurity regulations. The regulations require covered entities to certify compliance with cybersecurity protocols as of February 15, 2018. The cyber regulations cover not only financial institutions and insurance companies, but all other business regulated by New York’s Department of Financial Services, including charitable organizations, financial planners, service contract providers, and other institutions requiring a license from the Department. We expect that the cybersecurity compliance regulations will soon be expanded to other types of businesses in New York, and may ultimately cover any entity that gathers or transmits non-public consumer information.
New York may be leading the way, but New Jersey and many other states will likely follow suit in 2018. Last year, 28 states enacted some form of cybersecurity regulations, and at least 42 states introduced some form of legislation related to cybersecurity, much of which is still pending. As cybersecurity breaches become more widespread, expect the wave of cybersecurity regulations to impact your business. Apart from concerns of regulatory compliance, having a sound cybersecurity policy in place makes good business sense as part of your company’s overall electronic and digital policies. A practical strategy is to assess your regulatory compliance obligations now, and begin to implement cybersecurity protocols for your company so that when the new laws arrive, you can carry on your business unimpeded.
Please feel free to reach out to us with any questions, or if you would like to discuss how we can assist in drafting a cybersecurity policy, or reviewing other aspects of your electronic usage and other employment policies.
For more information on the above issue or relating to any
existing or potential business dispute, please contact:
David A Ward, Esq.