Covered entities are exempt from certain cybersecurity requirements when they and all of their affiliates have a combined total of fewer than 10 employees (including independent contractors) who are located in New York or are responsible for business of the covered entity; when filing a Notice of Exemption for a limited exemption, maintain supporting data and documentation for 5 years and make the information available to the DFS upon request.
1 minute read
NY DFS Clarifies Criteria for Small Business Exemptions
Related Posts
NHS Cyber Attack Highlights Third-Party Risk
A recent cyber attack targeting a blood test provider contracted by the NHS has resulted in the theft…
New York Introduces Stricter Social Media Privacy Laws for Children
New York has enacted stringent legislation aimed at enhancing social media privacy protections for children. The new law…
Surge in Data Subject Requests (DSRs)
A recent report reveals a significant increase in Data Subject Requests (DSRs), highlighting the growing demand for individuals…