Try a no-risk free trial today!
Following the Equifax breach, New York State has announced a proposed regulation for credit reporting agencies. According to the press release, Governor Andrew M. Cuomo today directed the Department of Financial Services to issue a new regulation making credit reporting agencies to register with New York for the first time and comply with this state’s first-in-the-nation cybersecurity standard.
“Credit Rating Agencies Must Comply with New York’s First-in-the-Nation Cybersecurity Regulation”
“This Regulation Would Give the DFS Oversight of Credit Reporting Agencies for the First Time Ever”
“DFS Superintendent May Deny or Revoke Agencies Authorization to Do Business with New York’s Regulated Financial Institutions and Consumers”
“A person’s credit history affects virtually every part of their lives and we will not sit idly by while New Yorkers remain unprotected from cyberattacks due to lax security,” Governor Cuomo said. “Oversight of credit reporting agencies will help ensure that personal information is less vulnerable to cyberattacks and other nefarious acts in this rapidly changing digital world. The Equifax breach was a wakeup call and with this action, New York is raising the bar for consumer protections that we hope will be replicated across the nation.”
Under the proposed regulations, every consumer reporting agency that assembles evaluates or maintains a consumer credit report on NYS consumers must register with the State by February 1, 2018, and have in place a written cybersecurity program by April 4, 2018. The program must identify and assess internal and external cybersecurity risks that may threaten non-public information, including personally identifying consumer information. The program must include provisions that address data governance and classification, asset inventory and device management, access control and identity management, systems and network security and monitoring, as well as other mandated areas.
The proposed regulation also subjects consumer reporting agencies to examinations by DFS as often as the Superintendent determines is necessary, and prohibits agencies from the following:
Shoot us a message to start a discussion about how our team can help you today.
Stay up-to-date on the latest news in the cyberverse.