In early September 2016, the New York Department of Financial Services (“DFS”) proposed a set of data security regulations (the “Proposal”) that would govern financial institutions, banks, and insurance companies subject to the jurisdiction of the agency (“covered entities”). After receiving public comments, DFS revised and resubmitted the Proposal on December 28, 2016. If the Proposal ultimately goes into effect it would require that covered entities have a written information security policy (“WISP”) and outline specific provisions (substantive and procedural) that must be contained in that document. While the Proposal has garnered a great deal of public attention, the majority of the provisions in the latest version are not unique.
Prior to the Proposal at least four states already required that if a company collected financial information about consumers within theirRead More