Legal Seminar, Chicago, IL

Requirements

 Applies to information that a business has about a consumer and the sources of that information  Consumer can request disclosure of information protected  Consumer can request that information be deleted  Businesses must provide consumers with two or more ways to submit requests  Include text in the statute in the privacy policy  Regulates areas not in conflict with GLBA

NYDFS

 Requires organizations to implement more robust cybersecurity program  Implement “least privilege access” to limit unnecessary access  Ongoing risk assessments  Training and monitoring  Identify a CISO or place the function with an existing employee  Provide regular reports regarding compliance  Provide notice to regulator within 72 hours of determination that event has occurred