NYDFS Questionnaire

The CISO of each Covered Entity shall report in writing at least annually to the Covered Entity’s board of directors or equivalent governing body. If no such board of directors or equivalent governing body exists, such report shall be timely presented to a Senior Officer of the Covered Entity responsible for the Covered Entity’s cybersecurity program.
Software alone cannot sufficiently counter all threats to data protection. Security personnel training should cover data processing obligations as well as the identification of breaches and risks.
An NYDFS compliance programme should involve senior stakeholders, as it will require input from all departments.
Many staff are unaware of their contribution to protecting private information and what is expected of them. The NYDFS requires privacy awareness training to be provided to all employees.
You will need to review all existing data protection and privacy policies to ensure they comply with the new requirements.
The NYDFS implements more stringent requirements for obtaining consent when collecting data from individuals. Data collection will have to adhere to just-in-time notification of the “reason for data collection”, communicating to data subjects “how their data will be processed”, and procedures for “further engagement in terms of enhanced privacy rights”.