New NY Financial Privacy Regulation Shortens Breach Notification to 72 Hours

by Gant Redmon

August 28, 2017

A new regulation from the New York Department of Financial Services (NYDFS) goes into effect today, and with it comes steeper obligations for privacy professionals. The new law, which applies to all entities registered with the NYDFS, is more challenging than other privacy regulations in the U.S.

It implements a tighter window – 72 hours – for breach notification. For privacy professionals based in the U.S., where notification laws typically allow for 30 days or more, this requirement presents a significant operational challenge. We’ve seen this type of small window be a top concern globally for months now – as it is the same as the EU’s General Data Protection Regulation (GDPR).

The new law also expands the scope of incidents that require notification. Organizations will now be required to notify NYDFS if a cyber security event materially harms the financial institution itself. This means that personal information does not need to be involved to trigger a notification. Additionally, organizations will need to notify NYDFS if any other regulation requires them to notify other regulatory bodies or agencies.

With this new law, privacy professionals will face a wider range of incidents that require investigation and notification – and a much, much shorter timeframe in which to do so. To ensure their organizations can get ahead of these challenges and remain compliant with the new NYDFS regulation, privacy professionals need to prepare and develop faster and more efficient data breach notification processes today.

Learn how the Resilient Incident Response Platform can help make your privacy breach notification processes fast, efficient, and compliant. Sign up for a demonstration today.

Comments (0)

Leave a Reply

Your email address will not be published. Required fields are marked *

nineteen − eighteen =

View Our Additional Resources

  1. Cyber Security in 2017 and the Year Ahead: The Fifth-Annual Year-in-Review and Predictions Webinar

     

    Cyber Security in 2017 and the Year Ahead: The Fifth-Annual Year-in-Review and Predictions Webinar

    In IBM Resilient’s fifth-annual year-in-review and predictions webinar, our panel of cyber experts will discuss and debate the trends and stories that defined cyber security in 2017, and offer their predictions for what to expect in 2018. This year, we are also live streaming the event on Twitter for more engagement.

    Watch Now
  2. Six Steps for Building a Robust Incident Response Function

     

    Six Steps for Building a Robust Incident Response Function

    To overcome today’s top security challenges, organizations are increasingly seeking to orchestrate their incident response (IR). They aim to build agile, measurable IR workflows, increase communication and coordination, and arm their team with the right tools and intelligence.

    Download Now
  3. Top Global Research Laboratory

     

    Top Global Research Laboratory

    Learn how a top global research laboratory replaced its ticketing system with a purpose-built Incident Response Platform (IRP) -- and enabled its team to increase the effectiveness and efficiency of its security operations team.

    Download Now
  4. Improving Response with Orchestration and Automation: Ask Bruce

     

    Improving Response with Orchestration and Automation: Ask Bruce

    To effectively respond to today's complex cyberattacks, security teams need to coordinate their people and technology throughout the entire incident response (IR) process. When IR orchestration is supported by automation, organizations can accelerate their response and make their IR team more intelligent. In this video, IBM Resilient CTO Bruc...

    Watch Now