Under the new DFS scheme, company executives must certify compliance with the NY DFS regulations on an annual basis. Should those certifications prove incorrect, they could provide the basis for the DFS or consumers to make claims against banks, insurers and other financial services firms for breach of such certification.
The proposal notes that its requirements will be enforced “under any applicable laws,” which include laws: e.g., New York Banking Law, New York Insurance Law That contain individual civil and criminal penalties for intentionally making false statements to DFS
Map internal and external products / devices that store data Log and require company equipment used to be covered under your data security policy and ensure data encryption is utilized.
Items such as, but not limited to: servers, hard drives, SSDs, USB Flash drives, computers and mobile devices.
Inventory Analysis Evaluate the amount of personal data in totality. Purge Eliminate archives of unnecessary personal identifiable information (PII).
Controllers of Information Review privacy risk and impact assessments. Contracts Future-proof your business by enacting policies now that become mandatory after the effective start date of February 2018
Data Breaches Regulation requires notice within 72 hours.
Business within the banking, insurance and other financial services industry within New York City or if you provide a service or on contract as a vendor to these industry firms, you will need to follow and be subject to these rules as well.
You will also need to be compliant to the regulation and rules in having the right systems in place for security and data storage encryption of information. Requires organizations who process or hold personally identifiable information to implement adequate security measures to protect personal data loss.