Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation
Data Matters
AUGUST 19, 2020
maintain and implement data governance and classification policies for NPI suitable to its business model and associated risks and maintain an appropriate, risk-based policy governing access controls for applications that contain or transmit NPI (23 NYCRR § 500.03). Alternative controls can be put in place if encryption is infeasible.
Let's personalize your content