Now that the WannaCry ransomware has your attention and the attention of everybody else, it is time to start thinking about your company’s cybersecurity legal and compliance obligations.
Do you know whether your company will be impacted by New York’s expansive and globally reaching Cybersecurity Regulations? The new Regulations govern many companies that do business in New York as well as other companies they do business with, even if they are not located in or doing business in New York.
The Regulations became effective in March and enforcement begins on August 28, 2017. For companies directly regulated (Covered Entities), the Cybersecurity Regulations provide an outline of essential standards, dictate who should lead the process, and mandate top-down buy-in by management and the Board of Directors through these mechanisms:
- Each Covered Entity must assess its unique risk profile and design a cybersecurity risk management program that addresses its risks in a robust fashion.
- Each Covered Entity must designate a qualified individual to serve as its Chief Information Security Officer, responsible for overseeing and implementing its cybersecurity program. The program must include things such as cybersecurity-focused policies and procedures, workforce training, penetration testing, third-party service provider policies and procedures, development of an incident response plan, and stringent reporting obligations.
- Each Covered Entity’s senior management must be responsible for its cybersecurity program and file an annual certification confirming compliance with the Cybersecurity Regulations that is attested to by either a Senior Officer or the Chairman of the Board of Directors.
I am inviting you to a COMPLIMENTARY WEBINAR I will be hosting to explain which companies will be impacted and the details about this new law.
Time: 10:00 CST
Can’t attend at that time? No problem, register to view it online at your convenience.
Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.