GDPR has now been in place for a couple of months in Europe, and other jurisdictions around the world are following close behind. New York State’s own data protection regulation, voted into law in March 2017, will be fully implemented come September 4.
Financial institutions will be particularly affected by this new cybersecurity law. They will have to retain an audit trail of all financial transactions, which must be kept for at least five years. Authorities will be able to verify whether or not financial institutions are keeping customer information secured to their liking. Additionally, all companies will have to encrypt their business operations data. Once that data isn’t pertinent anymore, it will have to be erased using safe deletion procedures under the new law.
The Department of Financial Services’ press release quotes the DFS’s Superintendent, Maria T. Vullo, on the new regulation:
“New York stepped into the void and took decisive action to ensure appropriate minimum standards protecting financial institutions’ data systems, including consumers’ sensitive personal information. These new protections, which include encryption, access controls and audit trails, add crucial tools to the regulation’s prior requirements in protecting the institutions and consumers.”
There are many similarities between the cybersecurity requirements in Europe and New York. However, the two differ significantly in one way: the New York legislation has no clear consequences or penalties for not following the letter of the law. Those will be determined on a case-by-case basis.
The first noncompliant institutions caught will set the tone, and future penalties will be based on that precedent.
Because the penalties associated with each violation are not specified, companies can’t weigh cybersecurity costs against the risk they take by not properly investing in security.
Nicole Clement, a senior manager in the financial services security practice at professional-services firm Accenture, commented to the Wall Street Journal on this new regulation:
“That lack of specificity increases the risk to a financial institution because it is unable to say here is that true financial risk we are taking on, or the true regulatory risk. Time will tell as to what the penalties will be on this.”
Evizone is the perfect solution for your business’ electronic communications. We provide our customers with high-end data encryption and our proprietary software guarantees security for our users’ clients, all in compliance with new regulations. Don’t wait for your business to get caught before investing in cybersecurity. You can test Evizone in a free trial.
About Evizone Ltd.
Evizone Ltd. is a revolutionary secure communications, encryption and compliance software and service provider based in Montreal, Quebec, Canada. Evizone offers innovative enterprise solutions in secure messaging (next generation beyond encrypted email) and encryption, encryption at rest, regulatory compliance, compliance archiving, WORM compliance, 17a-4 compliance, document life cycle management and communications governance and risk management. Evizone’s services protect organizations through best in class security, encryption, recipient controls, document life cycle management, discovery management, compliance management, compliance archiving, tamper proof WORM and 17a-4 compliance archiving and complete audit records against the enormous damage caused by communications breaches. Evizone’s patented technologies offer a level of security impossible to obtain with conventional or encrypted email and fast, powerful, user friendly compliance archiving. Evizone’s services are immediately available on multiple platforms and provide the strongest commercially available communications security and compliance archiving.