Credit reporting firms with significant operations in New York will face new cybersecurity and registration requirements to stave off concerns related to a breach of Equifax’s systems last year.
Companies in the credit reporting business will need to comply with the state’s cybersecurity standard and register annually with the New York Department of Financial Services starting this fall.
“The data breach at Equifax demonstrated the absolute necessity of strong state regulation, such as New York’s first-in-the-nation cybersecurity regulation, to safeguard New York’s markets, consumers and sensitive information from cyberattacks,” said NYDFS Superintendent Maria Vullo in a press release.
“DFS’s oversight of credit reporting agencies will help to ensure that the personal data of New York consumers is less vulnerable to cyberattacks in this digital world, in order to prevent further breaches of consumer financial information.”
Credit reporting companies reporting on 1,000 or more consumers in the state must register annually before or by Sept. 1 of this year, and by Feb. 1 in each calendar year that follows. Officers and directors who are responsible for credit reporting companies’ compliance must be listed on the registration forms.
The new requirement is part of a larger effort by New York to develop some of the strongest state-level risk management regulations in the United States related to cybersecurity prevention and disaster preparedness.
There were large-scale incidents related to both risk management concerns last year with unusually strong storms during the hurricane season in addition to the massive consumer data breach at Equifax.