Data security in the financial industry: five key developments to keep an eye on in 2016

In November 2015, the New York Department of Financial Services (NYDFS) issued a letter setting forth an extensive cybersecurity regulatory framework proposal. Following its surveys of the cybersecurity programs of over 150 financial institutions in 2013 and 2014, the NYDFS announced that it is now considering new cybersecurity regulations for the industry. Under the potential new regulations, “covered entities”–financial institutions regulated by NYDFS–would be required to implement and maintain written cybersecurity policies and procedures that address:

• information security;
• data governance and classification;
• access controls and identity management;
• business continuity and disaster recovery planning and resources;
• capacity and performance planning;
• systems operations and availability concerns;
• systems and network security;
• systems and application development and quality assurance;
• physical security and environmental controls;
• customer data privacy;
• vendor and third-party service provider management; and
• incident response, including the delineation of clearly defined roles and decision making authority.

Subscribe to Advisor Armor and let us manage this for you.  MORE