In the wake of the massive Equifax data breach that compromised the personal information of about 148 million Americans, the state of New York announced steps on Monday aimed at enhancing protections over consumers’ data and privacy.
For the first time, the Empire State will require credit reporting agencies operating within its borders to register with the state’s Department of Financial Services and to comply with its cybersecurity standard.
Each year a credit reporting agency with more than 1,000 customers in the state will need to register with the department, at which time its application will be reviewed by the Department of Financial Services’ superintendent. The superintendent has the authority to deny a company’s registration if it is found to violate any of the state’s laws, regulations or requirements. Credit reporting agencies will be subject to examinations whenever it is deemed necessary.
Further, every agency must have a cybersecurity program in place that is designed to protect consumer data.
Between May and July of last year, hackers gained unauthorized access to personal information stored by Equifax, which included birth dates and Social Security numbers. The public was notified about the breach in September. The total number of people compromised by the hack is about 148 million.