We are all aware of federal compliance regulations when it comes to the privacy and security of our information. For example, you’d be hard pressed to find someone who hasn’t heard of HIPAA. Yet are you aware that regulations have been put in place at the state level that have the same goal – to protect our security and privacy?
This month (March 2019), the state of New York reached the end date for the Cybersecurity Regulation of the New York Department of Financial Services (NYDFS) regulations. These required third-party service providers to meet certain requirements that address their data security and compliance. A two-year time frame was provided to allow those banking, insurance, and other institutions that fell under the Covered Entities title to reach that compliance measure. The window to meet the Cybersecurity Regulation of the New York Department of Financial Services (NYDFS) was established with a generous frame due to the complexity of the process, so anyone not meeting that deadline will be a target for enforcement.
Exclusively for Our MSP Partners
Now Available: Gen AI Certification From BSN
Lead Strategic AI Conversations with Confidence
Breach Secure Now’s Generative AI Certification helps MSPs simplify the AI conversation, enabling clients to unlock the value of gen AI for their business, build trust, and drive growth – positioning you as a leader in the AI space.
Written policies and procedures take time and finding qualified people to first learn your business and establish your compliance is not something you can take on lightly. The NYDFS required identification, risk assessment, establishing minimum cybersecurity practices that include encryption, controlled access, contractual protection, and finally due diligence processes to evaluate cybersecurity practices of third-party vendors.
As of today, 50 states have varying legislatures enacted that outline data breach notification laws. Do you know what your legal requirements are if you are hacked? What if you work with clientele across state lines? All very important questions. It is always wise to go with the guideline that is more stringent. When it comes to cybersecurity and privacy there is no limit to how strong your line of defense should be.
Having a plan in place to prevent and remediate damage is key, but you also need to ensure that you are covering all of the legalities in your process.
