N.Y. Comp. Codes R. & Regs. Tit. 23 § 500.15 - Encryption of Nonpublic Information
(a) As part of its cybersecurity program, each covered entity shall implement a written policy requiring encryption that meets industry standards, to protect nonpublic information held or transmitted by the covered entity both in transit over external networks and at rest.
(b) To the extent a covered entity determines that encryption of nonpublic information at rest is infeasible, the covered entity may instead secure such nonpublic information using effective alternative compensating controls that have been reviewed and approved by the covered entity's CISO in writing. The feasibility of encryption and effectiveness of the compensating controls shall be reviewed by the CISO at least annually.