These mandates expand the categories of data to be encrypted (the current draft calls for the "encryption of all nonpublic information held or transmitted"), and they tie to access control, acceptable usage policy and data retention. Basic encryption may no longer be enough to comply with the New York DFS regulations.
In his remarks on the proposal, Cuomo said, “New York, the financial capital of the world, is leading the nation in taking decisive action to protect consumers and our financial system from … state-sponsored organizations, global terrorist networks, and other criminal enterprises.”
When the requirement for encryption and data-loss protection spans not just records and managed systems, but anywhere data can travel, traditional means of encryption and monitoring may not scale.
Enjoy curated articles directly to your inbox.