Micaela McMurrough, Ashden Fein and Catlin Meade write:
On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require financial service institutions to develop and implement cybersecurity programs to prevent and mitigate cyber-attacks. The proposed regulation will be subject to a 45-day comment period once it is published in the New York State Register. The regulation will become effective January 1, 2017.
The proposed regulation would impose several obligations on “covered entities,” which the proposed regulation defines as financial institutions regulated by New York’s banking, insurance, or financial services laws, such as banks and insurance companies.
Read more on Covington & Burling Inside Privacy.