The approaching deadline for New York State companies to comply with a stricter set of cybersecurity requirements is stoking a debate over whether the state's tough rule could be a model for federal regulators.
The New York State Department of Financial Services recently issued a statement warning firms that they have until Sept. 4 to be in compliance with the third phase of the cybersecurity rule that first took effect last year. Next month banks and other institutions must start encrypting nonpublic data and keeping "audit trails" to help manage the aftermath of a breach.
But with federal regulators signaling their interest to strengthen cybersecurity rules, many observers are asking whether New York's framework could provide a road map.
“The NYDFS cybersecurity regulations really were groundbreaking and they are serving as a model now for other legislative and regulatory” proposals, said Edward McAndrew, co-practice leader of the privacy and data security group and head of the national cyberincident response team at Ballard Spahr.
Read more in American Banker.