Bill Text: NY S07940 | 2017-2018 | General Assembly | Amended


Bill Title: Authorizes continuing care retirement communities to adopt a written cybersecurity policy and requires such policies to be self-certified and approved by the superintendent.

Spectrum: Partisan Bill (Republican 3-0)

Status: (Introduced - Dead) 2018-06-18 - SUBSTITUTED BY A10486B



                STATE OF NEW YORK
        ________________________________________________________________________
                                         7940--B
            Cal. No. 1387
                    IN SENATE
                                     March 12, 2018
                                       ___________
        Introduced  by  Sens.  SEWARD, AKSHAR -- read twice and ordered printed,
          and when printed to be committed to  the  Committee  on  Insurance  --
          committee  discharged,  bill amended, ordered reprinted as amended and
          recommitted to said committee -- reported favorably from said  commit-
          tee,  ordered  to first and second report, ordered to a third reading,
          amended and ordered reprinted, retaining its place  in  the  order  of
          third reading

        AN  ACT  to  amend  the  insurance  law,  in relation to clarifying that
          continuing care retirement communities are not subject  to  department
          of financial services cybersecurity regulations

          The  People of the State of New York, represented in Senate and Assem-
        bly, do enact as follows:

     1    Section 1. Section 1119 of the insurance law is amended  by  adding  a
     2  new subsection (d) to read as follows:
     3    (d) Such organization may adopt a written cybersecurity policy that is
     4  designed  to  protect  the  confidentiality,  integrity  and security of
     5  nonpublic information and is in compliance with: (i) the Health Informa-
     6  tion Technology for Economic and Clinical  Health  Act  ("HITECH"),  the
     7  Health  Insurance  Portability  and  Accountability  Act  ("HIPAA"), the
     8  Gramm-Leach-Bliley Act; and (ii) all other applicable cybersecurity  and
     9  privacy  protections  governing nursing homes, adult care facilities and
    10  assisted living residences to the extent the  protections  govern  those
    11  components  of  such organization's operations. The cybersecurity policy
    12  shall be self-certified by such  organization  and  such  self-certified
    13  cybersecurity  policy shall be filed with the superintendent.  The self-
    14  certification  shall  attest  that  the   policy   provides   sufficient
    15  protections of nonpublic information in a manner which is not inconsist-
    16  ent  with  the  goals of the cybersecurity policies adopted by financial
    17  services companies pursuant to regulations  promulgated  by  the  super-
    18  intendent.  Such  self-certification shall be deemed compliant with such
    19  regulations applicable to financial services companies. The  superinten-
    20  dent  shall  review  the accuracy and reasonableness of the attestation.
    21  Unless the superintendent objects to the attestation within  sixty  days
    22  from  the  date  it  is  submitted,  such  attestation  shall  be deemed
    23  approved.
    24    § 2. This act shall take effect immediately.
         EXPLANATION--Matter in italics (underscored) is new; matter in brackets
                              [ ] is old law to be omitted.
                                                                   LBD15067-09-8