On September 13, 2016, the New York Department of Financial Services issued the first comprehensive state regulatory proposal to address cybersecurity.
Under the proposed regulations, certain banks, insurers and other financial services institutions authorized to operate in New York will be required to assess their cybersecurity risks and establish and maintain a cybersecurity program designed to address such risks. This alert memorandum covers the key obligations set forth in the state proposal and contrasts them with the obligations required under the federal Gramm-Leach-Bliley Act.