New York Cybersecurity Law Sets Data-Protection Standards
New York Gov. Kathy Hochul (D) signed legislation Friday that bolsters data protection and resilience of government entities against cyberattacks by requiring breach-disclosure rules and cybersecurity training.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
S-7672/A-6769 requires that municipal corporations and public authorities report cybersecurity incidents and ransom payments to the New York State Division of Homeland Security and Emergency Services within 72 hours. It also mandates annual cybersecurity awareness training for government employees and sets data-protection standards for state-maintained information systems.
“As global conflicts escalate and cyber threats evolve, so must our response, and we are taking a whole of government approach in doing so,” Hochul said in a release. “Requiring timely incident reporting and providing annual cybersecurity training for government employees will build a stronger digital shield for every community across the State and ensure they get the support they need when it matters most.”