Can you summarize NYCL STT 209?

Short Summary

This legal document, part of the Consolidated Laws of New York, specifically falls under the State Technology section and pertains to the Internet Security and Privacy Act. It outlines the obligations of the office in the event of a breach of the security of the system or a breach of network security. The office is required to notify the chief information officer, chief information security officer, and cyber security coordinator of any state entity with which it shares data, provides networked services, or shares a network connection that is reasonably suspected to be affected by such a breach. Additionally, the office must provide a plan for remediation of the breach and future protection of the data and network to the relevant state entity. The document defines the terms ‘breach of the security of the system’ and ‘breach of network security’ and clarifies that ‘state entity’ refers to entities as defined in section two hundred eight of this article. No specific penalties or exemptions are mentioned in this document.

Whom does it apply to?

The office, chief information officer, chief information security officer, cyber security coordinator, state entity

What does it govern?

Breach of the security of the system or a breach of network security; shared data

What are exemptions?

No exemptions are mentioned.

What are the Penalties?

No specific penalties are mentioned.

Jurisdiction

New York

Source

NYCL STT 209 [https://reggi.cloud.regology.com/regulations/US-NYCL/US-NYCL_T_STT_A_2_S_209]

• Banking