Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services Cybersecurity Regulation and the effective date of the Stop Hacks and Improve Electronic Data Security Act. The Regulation and the Act both contain prescriptive cybersecurity requirements and new breach notification obligations on regulated organizations. The Act has a particularly broad reach, impacting any company that owns or licenses private information of New York residents.
The Federal Trade Commission issued notices on March 5 seeking public comment on proposed amendments to the regulations implementing the Gramm-Leach-Bliley Act, commonly known as the Safeguards Rule and Privacy Rule. Once the notices are published in the Federal Register comments must be received within 60 days. The proposed changes to the Safeguards Rule add a number of more detailed security requirements, whereas the proposed changes to the Privacy Rule are more focused on technical changes to align the Rule with changes in law over the past decade.