Covered entities are exempt from certain cybersecurity requirements when they and all of their affiliates have a combined total of fewer than 10 employees (including independent contractors) who are located in New York or are responsible for business of the covered entity; when filing a Notice of Exemption for a limited exemption, maintain supporting data and documentation for 5 years and make the information available to the DFS upon request.
NY DFS Clarifies Criteria for Small Business Exemptions
Related Posts
University of Michigan Data Breach
The recent cyberattack on the University of Michigan, where sensitive employee and student data fell victim to a…
Irish National Police Data Leak Highlights Third-Party Risk
The recent data breach incident involving the Irish National Police. This breach underscores the critical importance of addressing…
California Enacts New Delete Act to Strengthen Data Privacy
We are thrilled to share a significant development in data privacy regulation. California has taken a momentous step…