A Legal Guide to PRIVACY AND DATA SECURITY 2024

comprehensive cybersecurity program and policy. The CISO must perform periodic Risk Assessments to assess the confidentiality, integrity, security, and availability of the organization’s information systems and nonpublic information. Based on this assessment, the CISO must then develop a thorough cybersecurity program which must, at a minimum: (1) identify internal and external cyber risks; (2) use defensive infrastructure and the implementation of policies and procedures to protect information systems and nonpublic information; (3) detect cybersecurity events; (4) respond to, detect, and mitigate the effects of cybersecurity events; (5) recover from cybersecurity events; and (6) fulfill regulatory reporting requirements. Again based on the Risk Assessment, the CISO must also develop a comprehensive cybersecurity policy for the organization, detailing areas such as data governance, access controls and identity management, systems and network security, and incident response. While these regulations are somewhat flexible, in that they allow for modification based on the particular risks faced by any given organization, they are also extensive and highly detailed. Minnesota companies that may at any time be regulated by the New York DFS should carefully monitor these regulations and stay up to date with any newly issued guidance.

Other State Privacy and Breach Notification Laws

Following extensive fears of identity theft and highly publicized data security breaches, most states, including Minnesota, passed laws requiring consumer notification when a security breach involving private information occurs. While there continues to be discussion about the need for a comprehensive federal law that would preempt the patchwork of state laws and create a uniform standard, as of the publication of this Guide, there is no such federal breach notification statute. A Minnesota business is therefore still required to comply with multiple state laws in the event of a data breach that involves the personal information of residents of other states.
