In Wake of Equifax Data Breach, Credit Reporting Agencies Made Subject to NY State Cybersecurity Regulations

Dan Clark reports:

Credit reporting agencies will now be required to register with the state and comply with its cybersecurity regulations, the state Department of Financial Services announced Monday.

The new rules are the state’s response to last year’s data breach at Equifax, a credit reporting agency, that exposed the personal information of 143 million people. If a credit reporting agency is found to have violated the new regulations, the DFS will now have the power to block them from serving New York state residents.

Under the new rules, any credit reporting agency that ran more than 1,000 credit reports in New York state in the last year will have to register with the DFS by the beginning of September and then again at the beginning of February each year.

Read more on New York Law Journal(free sub. required)

h/t, Joe Cadillic

California Sets 30 Day Deadline for Data Breach Notifications
California’s New Delete Request Tool Impacts Data Brokers and Residents
Shad White’s office finds nearly a third of Mississippi's state agencies fail cybersecurity requirements
California hospitals can escape fines if workers expose patient info
Two agencies in one state investigated and fined Healthplex. Was that one too many?
Ohio law to require local governments to formally approve ransomware payments

Related: