Fall Regulatory Summit

Internal Use Only

Model Data Security (Nonbank Cyber) Law 2023 – 2025 Roadmap

Strategy 2, Measure 4 Model Data Security Law

FOCUS ON INITIAL STATES AND PLANNING

SUPPORT STATE ADOPTION

• Survey all states to determine initial adoption status • Develop resources to assist states in adoption • Develop a tracking document and reporting structure • Develop a list of target states for adoption in 2023, 2024, and 2025 • Develop plan to address states in various adoption situations • Explore quarterly opportunities to collaborate with FTC on common standards and approaches

• Implement the plan addressing states in various adoption situations • Communicate available resources

CSBS Public Website: www.csbs.org/datasecurity

Action Owner: Mike Bray

Member Sponsor: N/A

Internal Use Only

NonBank Model Data Security Law

• Leverages FTC Safeguards Rule: • Alignment with Federal Standards • Proactive Risk Management • Protecting Sensitive Data and Addressing Cyber Threats • Enhanced Consumer Protection • Implementation Methods: • Full Model Law • Alternative Language referencing compliance with FTC Safeguard Rule • Guidance • Optional Section Requiring Breach Notification to Banking Department