Yesterday, the New York State Department of Financial Services (“DFS”) released draft regulations on cybersecurity potentially effecting all entities licensed or permitted by DFS. The DFS Press release is here: http://www.dfs.ny.gov/about/press/pr1609131.htm and the draft regulations can be found here: http://www.dfs.ny.gov/legal/regulations/proposed/rp500t.pdf. DFS first announced its intention to issue these regulations in a letter to federal regulators in November 2015, seeking collaboration with the relevant federal authorities.
Dealing with Federal Trade Commission (“FTC”) cyber security standards can be a daunting task, as the FTC enforces cyber security issues under Section 5 of the Federal Trade Commission Act, which prohibits “deceptive” and “unfair” business practices generally. Beyond that general mandate, however, there are no hard-and-fast guidelines as to what the FTC considers to be “reasonable” by way of cyber security efforts a company may have taken before a breach. Indeed, the FTC has pointed to at least seven different sources of information as to what a company should do to keep customer and employee data safe:
“When consumers sign up for Internet service, they shouldn’t have to sign away their right to privacy,” was the clear pronouncement from the Federal Communications Commission (“FCC”) in its fact sheet describing proposed privacy rules directed at Internet Service Providers (“ISPs”).
With the thicket of 47 often conflicting state data breach notification laws and the the Federal Trade Commission’s independent efforts to regulate cyber security (which is a hot topic, but one that is outside the scope of this post), businesses of all sizes and in all industries are looking for a cyber security standard that can be adopted as a best practice.
The Federal Trade Commission (“FTC”) recently issued a report, entitled, Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues (the “Report”), which is intended to guide companies involved in the commercial use of big data consisting of consumer information.