ALBANY, N.Y.– As fallout from the Equifax breach continues, New York Gov. Andrew Cuomo said he wants credit-reporting firms to comply with the state’s new cyber-security regulations.
Cuomo said he planned to require all credit-reporting agencies to register with the state and comply with its cyber-security rules.
Cuomo’s proposed regulation would take place in February 2018. Any company that does not register with the state would potentially be barred from doing business in New York State if they are found to have engaged in “unfair, deceptive or predatory practices.”
“The Equifax breach was a wake-up call,” Cuomo said in a statement. “And with this action, New York is raising the bar for consumer protections that we hope will be replicated across the nation.”
As CUToday.info reported earlier, on March 1 New York enacted a new state cyber-security regulation that requires financial firms to take measures to protect networks and customer data from hackers and disclose cyber events to regulators.
Maine is currently the only U.S. state that requires credit agencies to register.
ALBANY, N.Y.– As fallout from the Equifax breach continues, New York Gov. Andrew Cuomo said he wants credit-reporting firms to comply with the state’s new cyber-security regulations.
Cuomo said he planned to require all credit-reporting agencies to register with the state and comply with its cyber-security rules.
Cuomo’s proposed regulation would take place in February 2018. Any company that does not register with the state would potentially be barred from doing business in New York State if they are found to have engaged in “unfair, deceptive or predatory practices.”
“The Equifax breach was a wake-up call,” Cuomo said in a statement. “And with this action, New York is raising the bar for consumer protections that we hope will be replicated across the nation.”
As CUToday.info reported earlier, on March 1 New York enacted a new state cyber-security regulation that requires financial firms to take measures to protect networks and customer data from hackers and disclose cyber events to regulators.
Maine is currently the only U.S. state that requires credit agencies to register.
Following the announcement by New York's governor, Bill Mellin, president of the New York Credit Union Association issued a statement saying, "The Equifax data breach and their bungled response yet again underscore the need for a robust cybersecurity framework at the federal level. The bottom line is, what we’re doing now from a cybersecurity standpoint is just not working. Far too often we are seeing the same reaction from organizations that have failed to adequately protect consumers’ data: a press release that’s light on details released long after the breach was discovered; a year of free credit monitoring; and an apology and a commitment to do better. That’s no longer enough.
"While New York state should be applauded for imposing common-sense requirements on credit reporting agencies, what is ultimately needed are uniform standards imposed on all businesses that maintain confidential information, and legal ramifications for those entities that don’t live up to their end of the bargain," Mellin continued. "Meanwhile, credit unions and the millions of consumers they serve—who played no role in having their personal information compromised—are bearing the real brunt of these data breaches. Consumers and credit unions alike need a course of action to recover costs associated with these types of cybersecurity incidents, which are alarmingly becoming more and more severe. New York’s credit unions favor strong uniform standards, coupled with a legal framework that truly holds companies responsible when they fail to safeguard the personal and financial information of consumers. Every business and entity that collects or stores this type of information should be subject to the same strict standards. And if Congress cannot act unilaterally to solve the gaping holes in our nation’s cyber-infrastructure, then the state of New York should.”