The State of New York adopted mandates and requirements for financial services institutions licensed or authorized by The New York State Department of Financial Services (DFS) to conduct business. 23 NYCRR 500 is designed to bolster defenses against cybersecurity attacks to protect customers’ private, personal, and sensitive data as well as companies’ information technology systems. The mandate requires each covered company to assess its risks, then design and implement programs to address the risks. Additionally, covered companies need to establish security policies governing sensitive data usage of any third-party service providers with whom they share data.
In this free whitepaper, our data experts weigh in on:
- A detailed overview of 23 NYCRR 500 and its key requirements
- What is involved in proving annual compliance
- Similarities to GDPR and CCPA, and how to simplify compliance with all three