Peter Marta, Jasmeet Ahuja, and Asmaa Awad-Farid of Hogan Lovells write:
Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act). The Regulation and the Act both contain prescriptive cybersecurity requirements and new breach notification obligations for regulated organizations. The Act has a particularly broad reach, impacting any company that owns or licenses private information of New York residents.
The NYDFS Regulation originally came into effect on March 1, 2017, and provided for a two-year implementation plan for companies to develop a robust cybersecurity program.
Read more on Chronicle of Data Protection.