New York data breach notification legislation supported by ISO27001

With over two million businesses based in New York, the state is known for its high concentration of advanced service sector firms in industries such as law, accountancy, banking, and management consultancy. As you’d expect, technology, data, and the infrastructure that holds it in place are key to keeping the state running.

As more businesses move their data between corporate networks, mobile devices, and the Cloud, the task of remaining cyber secure becomes ever more challenging. A number of high-profile brands, including New York-based firms, have recently suffered data breaches:

  • New York State Electric & Gas

Back in 2012, an employee of a software consulting firm was improperly given access to New York State Electric & Gas’s customer database. As a result, the personal information of 1.8 million customers was exposed, including Social Security numbers, dates of birth, and other account information.

  • New York Taxis

Details of 173 million New York taxi journeys were released in response to a freedom of information request, but the data had been incorrectly anonymised. The pseudonymised fields were easy to reverse, revealing the driver IDs, pick-up and drop-off times, and GPS routes taken for every single cab journey.
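The taxi release is a textbook case of pseudonymisation that does not survive contact with an attacker: when an identifier is replaced by an unkeyed hash, and the identifier space is small, anyone can hash every possible identifier and build a lookup table from token back to ID. The page does not describe the exact scheme used, so the following is an added illustration, not code from the original article or from any of the organisations it mentions. It assumes a hypothetical driver ID format of one digit, one uppercase letter and two digits (26,000 possible values), constructed sample trip rows, and a made-up secret key; it shows the weak unkeyed hash being reversed by enumeration and a keyed hash (HMAC) under a key held only by the publisher resisting the same attack.

```python
"""Unkeyed hashing of a small identifier space is not anonymisation.

Added example; assumptions not stated on the page: driver IDs look like
"<digit><letter><two digits>" (e.g. "5X12"), and the published data replaced
each ID with a hex digest of that string.
"""
import hashlib
import hmac
import itertools
import string


def candidate_ids():
    """Enumerate the whole (assumed) identifier space: 10 * 26 * 100 = 26,000 values."""
    for d, letter, n in itertools.product(string.digits, string.ascii_uppercase, range(100)):
        yield f"{d}{letter}{n:02d}"


def weak_token(driver_id: str) -> str:
    """Pseudonym as an unkeyed SHA-256 hex digest.

    The hash function's strength is irrelevant here: the token is a pure
    function of a tiny input space, so it can be inverted by table lookup.
    """
    return hashlib.sha256(driver_id.encode()).hexdigest()


def keyed_token(driver_id: str, key: bytes) -> str:
    """Pseudonym as HMAC-SHA256 under a secret key kept by the data owner.

    Without the key, enumerating the 26,000 candidate IDs gives the attacker
    nothing to match the published tokens against.
    """
    return hmac.new(key, driver_id.encode(), hashlib.sha256).hexdigest()


def build_lookup_table(token_fn):
    """Attacker step: precompute token -> ID for every candidate identifier."""
    return {token_fn(c): c for c in candidate_ids()}


def deanonymise(trips, table):
    """Attach the recovered driver ID (or None) to each released trip row."""
    return [{**trip, "driver_id": table.get(trip["driver_token"])} for trip in trips]


def recovered_ids(trips, token_fn=weak_token):
    """IDs an attacker recovers from `trips` by enumerating `token_fn` (no key)."""
    table = build_lookup_table(token_fn)
    return [row["driver_id"] for row in deanonymise(trips, table)]


# Constructed sample rows standing in for a released trip dataset (not real data).
SAMPLE_IDS = ["5X12", "0A00", "9Z99"]
PICKUPS = ["2013-01-01T08:00", "2013-01-02T09:30", "2013-01-03T17:45"]

WEAK_TRIPS = [
    {"driver_token": weak_token(i), "pickup": p, "route": "<gps trace>"}
    for i, p in zip(SAMPLE_IDS, PICKUPS)
]

# Hypothetical key that never leaves the publisher; the attacker does not have it.
SECRET_KEY = b"example-publisher-only-key"
KEYED_TRIPS = [
    {"driver_token": keyed_token(i, SECRET_KEY), "pickup": p, "route": "<gps trace>"}
    for i, p in zip(SAMPLE_IDS, PICKUPS)
]


if __name__ == "__main__":
    print("unkeyed hash, recovered:", recovered_ids(WEAK_TRIPS))    # all three IDs
    print("keyed hash, recovered:  ", recovered_ids(KEYED_TRIPS))   # [None, None, None]
```

The keyed variant only helps if the key genuinely stays with the publisher and the same key is not reused across releases that could be joined; it also does nothing about the other quasi-identifiers in each row (pick-up time and GPS route), which can re-identify a driver or passenger on their own.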

In order to help protect consumer data, New York General Business Law § 899-aa and State Technology Law § 208 require entities that conduct business in New York, and that own or license computerized data containing personal information, to notify affected New York residents of any data breach that could compromise their personal information. They must also notify the Attorney General, the Consumer Protection Board, the NYS Division of State Police, and the Office of Information Technology Services.

Organizations that must comply with New York General Business Law § 899-aa and State Technology Law § 208 alongside other information security legislation (FISMA, HIPAA, SOX, etc.), while maintaining a comprehensive approach to cyber security, may struggle to demonstrate compliance with each of them separately.

ISO27001 is the internationally recognized information security standard against which an information security management system (ISMS) can be certified. It provides a single, robust framework that supports adherence to multiple legislated information security requirements, including New York data breach notification legislation.

Implementing an ISO27001-certified ISMS will strengthen your cyber security posture and can give you a competitive advantage.

Find out more about ISO27001 and suitable routes to certification >>