New York State Announces New Cyber Regulations; Exempts Itself

Posted on By Mark Sauter No Comments on New York State Announces New Cyber Regulations; Exempts Itself

New York’s legislature has announced two new amendments and a clarification to the State’s cyber law involving data breaches, highlighting important changes in cyber regulations, reports the indispensable JD Supra.

Businesses now have a 30-day deadline to notify residents impacted by covered breaches and, if the hack involves financial matters, the New York Department of Financial Services (NYDFS), among others, must also be notified. New York also expanded the definition of information falling under these regulations, adding medical and health insurance data, apparently creating some redundancies with the fed’s HIPAA, or Health Insurance Portability and Accountability Act.

The image is the official seal of the New York State Assembly. It features a circular design with a blue outer ring containing the words "ASSEMBLY" at the top and "STATE OF NEW YORK" at the bottom in bold, capitalized white letters. The inner part of the seal displays the New York State Coat of Arms, which includes a shield with a sun rising behind a mountain and river, supported by two allegorical figures: Liberty (holding a pole with a Phrygian cap) on the left and Justice (holding scales and a sword) on the right. Above the shield, a bald eagle sits atop a globe. Below the shield, a banner displays the state motto, "Excelsior", meaning "Ever Upward."

Deadlines in Cyber Regulations Don’t Apply to State

But what happens if the hack of a New York State IT system creates a similar breach? JD Supra diplomatically notes: “New York agencies, however, are not bound by the 30-day deadline. State agencies must notify affected individuals in the most expedient time possible and without unreasonable delay.”

When last we checked in with New York State cyber regulations, it was insurance regulators warning insurance companies that their AI technologies better not hurt “protected classes” or “perpetuate or amplify systemic biases that have resulted in unlawful or unfair discrimination.” 

Other News: Majority of EU Companies Unprepared for Looming NIS2 Cybersecurity Deadline, Veeam Survey Reveals(Opens in a new browser tab)

Mark Sauter

Cyber Insurance, Cyber Insurance Laws & Regulations, Cyber Regulations

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *