New York is now the first state in the nation to enact regulations designed to protect consumer's private data. The new rules are also designed to protect the financial services industry from the growing threat of cyber-attacks.
There's lots of good reasons behind the new regulations.
"Recent statistic out there is that one in three Americans have had their healthcare date compromised. And that doesn't take into account credit card breaches, it doesn't take into account other breaches that are out there," said Paul Greene. An attorney with Harter Secrest & Emery, Greene says, the new rules - designed to prevent and avoid cyber breaches - apply to thousands of entities regulated by New York's Department of Financial Services - including banks, insurance companies and their third party service providers.
"So that could be their IT provider. It could be a direct mailing company. It could be anyone who provides services to the covered entity," Greene said.
Consumers across the state will likely be better protected against cybercrime, he says, but that means new hurdles accessing services - such as multi-factor authentication.
"That kind of authentication where you put in a password and then you've got to put in another code, or some other kind of credential, to get into a system," Greene said.
The new rules, he says, are a significant change for the financial industry and they could lead to consolidation.
"Small players, small insurance companies, small banks, may not be able to bear the brunt of the regulatory requirements that these rules bring with them. So those companies may role up into larger companies. Or they may just go out of business," Greene said.
While they take effect March 1st the financial services industry has a 180-day grace period to comply with the new rules without penalty.