New York to get first-in-the-nation cybersecurity standard
This is in response to the recent cyberattack that exposed the personal private data of nearly 150 million consumers nationwide.
The annual reporting obligation also provides the DFS Superintendent with the authority to deny and potentially revoke a consumer credit reporting agency's authorization to do business with New York's regulated financial institutions and consumers if the agency is found to be out of compliance with certain prohibited practices, including engaging in unfair, deceptive or predatory practices.
"A person's credit history affects virtually every part of their lives and we will not sit idle by while New Yorkers remain unprotected from cyberattacks due to lax security," Governor Cuomo said.
"Oversight of credit reporting agencies will help ensure that personal information is less vulnerable to cyberattacks and other nefarious acts in this rapidly changing digital world. The Equifax breach was a wakeup call and with this action New York is raising the bar for consumer protections that we hope will be replicated across the nation."
Under the proposed regulation, all consumer credit reporting agencies that operate in New York must register annually with DFS beginning on or before February 1, 2018 and by February 1 of each successive year for the calendar year thereafter.
The registration form must include an agency's officers or directors who will be responsible for compliance with the financial services, banking, and insurance laws, and regulations. ■