The New York State Department of Financial Services (DFS) cybersecurity requirements for financial services companies went into effect on September 4 of this year. On the surface, it may look like these regulations only pertain to the state of New York – but in reality, they cover any party who processes or is otherwise permitted access to Nonpublic Information of New York State origin. Simply put, if your financial institution does work for any New York resident, you may now be subject to this regulation.
One of the most prevalent provisions of this regulation comes from Section 500.11 Third Party Service Provider Security Policy (b)(2), which requires the "...use of encryption as required by section 500.15 of this Part to protect Nonpublic Information in transit and at rest". Nonpublic Information (NPI) under this regulation pertains to all electronic information that is not publicly available, including but not limited to individual identifiers, health data, and financial data.
But what does data encryption really mean?
Not all data encryption is equal, and unlike other security measures, it's not as simple as turning it on and off. Let's geek out a bit and cover several types of encryption available today:
Along with these types, there is also a wide array of encryption options available based on the type of data being encrypted, cost, and availability requirements, including:
Effective data encryption is more than checking an option box. It takes planning and often expertise from internal IT and compliance, application vendors and third parties processing the data, as well as commercial platforms and resources. Prior to beginning, it is a good idea to consider: