California Consumer Privacy Act & NYDFS 23 NYCRR 201

Increasingly demanding data regulations.


The trend has been the strongest factor affecting the world of IT over the past several years.


Over the recent period, state, national, and international authorities have been producing legislation creating tight protocols for the digital information sphere.


While these laws introduced important safety standards to protect users, they also add a heavy amount of responsibility to enterprises that deal in personal data.


The most recent reforms to data privacy laws in the United States are no exception.


NYDFS for Credit Agencies


New York State’s Department of Financial Services (NYDFS) Cyber Regulations has been around since the summer of last year.


Until recently however, these laws were only applicable to banks and other similar financial institutions.


On 25 June, New York’s governor Andrew M. Cuomo announced that the Regulations would be extended to credit agencies as well. The law dubbed 23 NYCRR 201 was motivated by concerns of poor “practices of consumer credit reporting agencies (CPAs)” and the failure of these organizations to “safeguard consumer data.”


After the 1 November deadline, all CPAs will be subject to the data rules of NYDFS. These include strict disclosure requirements on cyber incidents and attacks and regular compliance statements to authorities. Most importantly, the new law will demand the implementation of response and remediation plans that ensure managers are protecting information, and that all personal data is accounted for.


California’s Sweeping Privacy Act       


In one of the fastest legislative maneuvers in history, privacy advocates recently succeeded in pushing the California Consumer Privacy Act (CCPA) through the state legislature.


The new law contains the strictest rules governing data extraction and storage in the United States today.


The most important aspects of the CCPA include “the right to opt out”, essentially the ability for users to object to their data being distributed or sold, as well as the prerogative to demand personal details be deleted. Also, companies will be required to “maintain reasonable security procedures and practices appropriate to the nature of the information”, in other words, the more sensitive the data, the more protection required.


Taking on the Challenge


CCPA and the DFS regulations reform will require organizations to keep a handle on all private data they process, know their locations, and be able organize and classify them accordingly.


This is no easy task.


Revamping operations to accommodate new security requirements can be highly disruptive to operations, part of the reason that many of these reforms triggered an uproar from the entire tech industry.


GTB’s Data Loss Protection tools offer a streamlined solution for companies that seek the most robust in data security while not hindering workflow. Powered by artificially intelligent algorithms, GTB’s platforms virtually neutralize false positives in security scans, organize data by a wide range of markers and identifying components, and monitor data in all its forms, both at rest and in motion. This ensures data remains under the highest standards of protection, while avoiding blanket security protocols that create obstacles for employees and impeded collaboration.

Data regulation is now a strong, permanent feature of the IT landscape. GTB lets companies achieve compliance with both ease and efficiency.







Comments are closed.
Want to see something cool?

Want Easy Access to
Data Security that Works?

Secure your Sensitive Data, including from  Remote Users

Try it for Free