(New York, NY – Insurance News 360) – Governor Andrew M. Cuomo announced that credit reporting companies are now required to register with the Department of Financial Services to comply with the state’s cybersecurity regulations.
To protect New York residents from data breaches at credit reporting agencies, a new regulation will require these agencies to register with the Department of Financial Services and to comply with annual reporting obligations. The DFS Superintendent will have the authority to deny, suspend and potentially revoke a consumer credit reporting agency’s authorization to do business with New York’s regulated financial institutions and consumers if the agency is not in compliance, if they are engaging in prohibited practices, like engaging in unfair, deceptive or predatory practices.
“As the federal government weakens consumer protections, New York is strengthening them with these new standards,” Governor Cuomo said. “Oversight of credit reporting agencies ensures that the personal private information of New Yorkers is less vulnerable to the threat of cyber-attacks, providing them with peace of mind about their financial future.”
The new regulation requires all consumer credit reporting agencies that reported on 1,000 or more New York consumers in the preceding year must register annually with DFS beginning on or before September 1, 2018, and by February 1 of each successive year for the calendar year thereafter. The registration form must include an agency’s officers and directors who will be responsible for compliance with the financial services, banking, and insurance laws, and regulations.
“The data breach at Equifax demonstrated the absolute necessity of strong state regulation, such as New York’s first-in-the-nation cybersecurity regulation, to safeguard New York’s markets, consumers and sensitive information from cyberattacks. DFS’s oversight of credit reporting agencies will help to ensure that the personal data of New York consumers is less vulnerable to cyberattacks in this digital world, in order to prevent further breaches of consumer financial information,” said Financial Services Superintendent Maria T. Vullo.
The DFS Superintendent may refuse to renew a consumer credit reporting agency’s registration if the Superintendent finds that the applicant or any member, principal, officer or director of the applicant, has, among other things:
Violated any insurance, financial service, or banking laws or violated any regulation, subpoena or order of the Superintendent or of another state’s insurance or banking commissioner or of any other state or federal agency with authority to regulate consumer credit reporting agencies, or has violated any law in the course of his or her dealings in such capacity;
Failed to comply with the requirements of the regulation, including but not limited to, section 201.07 concerning cybersecurity;
Used fraudulent, coercive or dishonest practices; or
Provided materially incorrect, materially misleading, materially incomplete or materially untrue information in the registration application.
Consumer reporting agencies are also subjected to examinations by DFS as often as the Superintendent determines is necessary, and prohibits agencies from the following, unless preempted by federal law:
Directly or indirectly employing any scheme, device or artifice to defraud or mislead a consumer;
Engaging in any unfair, deceptive or predatory act or practice toward any consumer;
Misrepresenting or omitting any material information in connection with the assembly, evaluation, or maintenance of a credit report for a New York consumer;
Engaging in any unfair, deceptive, or abusive act or practice in violation of the Dodd-Frank Wall Street Reform and Consumer Protection Act;
Failing to comply with the provisions of federal law relating to the accuracy of the information in any consumer report relating to a New York consumer;
Refusing to communicate with an authorized representative of a New York consumer who provides a written authorization signed by the consumer, with certain provisions;
Making any false statement or making any omission of a material fact in connection with any information or reports filed with a governmental agency or in connection with any investigation conducted by the Superintendent or another governmental agency.
A copy of the final regulation can be found here
Source: New York Department of Financial Services.