COMING TO A STATE NEAR YOU?
STATE REGULATIONS REQUIRING MINIMUM CYBER SECUIRTY MEASURES
On September 13th, 2016 Governor Andrew Cuomo announced that the State of New York, using its power to regulate state chartered banks and all insurance companies doing business in the State, would begin requiring those entities to have minimum cyber security standards in place. The minimum standards include:
- The establishment of a cyber security program
- The adoption of a cyber security policy
- A formal, required role for a chief information security officer
- Oversight of third-party service providers
- Additional items that relate to security practices and other matters
Although some of the proposed regulations closely align with current government and voluntary certification programs like the National Institute of Standards and Technology (NIST) Cyber Security Framework, International Standards Organization 27000 (ISO), Payment Card Industry (PCI) Security Standards and private/public partnerships like North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection Standards, others do not.
For many regulatory areas, like insurance, utilities, health care and professional licensing there is no overarching Federal framework. Thus, states have the ability to impose their own standards on those entities that are operating within that state. This regulatory reach even extends to the new “sharing” economy businesses of ride sharing, space sharing and fantasy sports competition.
For some technology companies this new regulatory frontier will be a boon driving businesses to them in a scramble to get compliant with emerging state regulation. For others, overlapping regulations and competing contract compliance requirements will greatly increase risks associated with gathering, storing and managing data.
The Tech Council of Maryland will be monitoring all the legislation introduced in the 2107 Maryland General Assembly Session to see if any Maryland specific cyber security regulations are proposed. Please check the TCM website frequently from January to May to keep updated on developments in Annapolis as they occur.