The Department of Financial Services has issued a final regulation to protect New Yorkers from the threat of data breaches at credit reporting agencies, such as the Equifax breach that exposed the personal private data of millions of New Yorkers. The new regulation, which incorporates comments received during a public comment period, requires credit reporting agencies with significant operations in New York to register with DFS for the first time and to comply with New York's first-in-the-nation cybersecurity standard. The annual reporting obligation also provides the DFS Superintendent with the authority to deny, suspend and potentially revoke a consumer credit reporting agency's authorization to do business with New York's regulated financial institutions and consumers if the agency is found to be out of compliance with certain prohibited practices, including engaging in unfair, deceptive or predatory practices.
"As the federal government weakens consumer protections, New York is strengthening them with these new standards," Governor Cuomo said. "Oversight of credit reporting agencies ensures that the personal private information of New Yorkers is less vulnerable to the threat of cyber-attacks, providing them with peace of mind about their financial future."
Under the new regulation, all consumer credit reporting agencies that reported on 1,000 or more New York consumers in the preceding year must register annually with DFS beginning on or before September 1, 2018, and by February 1 of each successive year for the calendar year thereafter. The registration form must include an agency's officers and directors who will be responsible for compliance with the financial services, banking, and insurance laws, and regulations.
Click here for the full announcement.
Source: The Office of Governor Andrew M. Cuomo