As data privacy and security concerns become more prevalent, governmental bodies are reacting by issuing regulations focusing on personal information security. One of the latest is 23 NYCRR 500, issued by the New York Department of Financial Services.
The regulation’s main focus is to heighten the overall security measures currently applied by financial services in New York State.
The NY DFS is approaching customer privacy by expanding on what types of data organizations should protect. It uses a specific term for these data variants, calling them nonpublic information.
The NY DFS definition of nonpublic information covers all business-related information that, when tampered with, would cause a material adverse impact to the organization. But it doesn’t stop there: it also includes all customer-provided Personally Identifiable Information (PII) that is collected and processed by financial institutions.
Apart from the usual (name, address, phone number, social security number), nonpublic information also includes anything that can be used to distinguish or trace an individual’s identity.
The regulation is clear on what constitutes PII. Here’s a quick rundown: any information…
Organizations providing financial services in the state of New York must redefine privacy policies and procedures to comply with the regulation. They also need to evaluate what IT assets are being used to process and store nonpublic information. Some data may now require an added level of security.
A greater emphasis must be put on securing data and defining who has access to assets containing nonpublic information.
In our next blog, we will touch on how this translates to real-world security measures that can be applied to comply with the new regulation.
In the meantime, if you would like to learn how Balabit can help you comply with 23 NYCRR 500, download our white paper here.