Our friends at Privacy & Security Matters recently posted an important update on the New York State Department of Financial Services' new cybersecurity regulations. The regulations, which became effective March 1, 2017, impose a series of requirements on banks, insurers and financial services firms as well as on third party service providers that have access to these entities' nonpublic information, such as IT vendors, law firms and accounting firms. Among other requirements, covered entities must designate chief information security officers within their organizations, create detailed response plans for dealing with security breaches and institute employee training programs. The regulations establish several compliance deadlines and we strongly encourage employers to take a proactive approach in revising their policies and practices to meet these new obligations.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.