ITT Committee Update

Staff Contact: Johnny Evers
February 21, 2017

Senate Select Committee on Science, Technology, Innovation and Entrepreneurship – Hearing on March 2

On March 2 from 1pm-3pm the Senate will hold a hearing on innovation as it relates to improving state government efficiency and reducing costs. The hearing sponsored by the Senate Select Committee on Science, Technology, Innovation and Entrepreneurship will be held in room 711-A in the Legislative Office Building. Senator Martin Golden and Senator Rich Funke, and other senators in attendance, will give their perspective on this issue as well as a discussion on the establishment of a State Information Technology Center (ICENTER) and other legislative proposals. Meghan Cook, Program Director at the Center for Innovation in Government at SUNY Albany as well as a number of technology platform providers and leading technology companies have been invited to participate. The goal is to receive feedback from the business and technology community on legislation, products, services and programs that could improve government efficiency. The Business Council has also been invited to participate in the hearing.

For more information contact Johnny Evers.

Cybersecurity Regulation Finalized

Governor Cuomo has announced that the Cybersecurity Regulation under the jurisdiction of the Department of Financial Services (DFS) is finalized and will take effect on March 1, 2017. The regulation will be published on that date in the Department of State Register.

The text of the regulation is available here.

The final rule does not include many changes from the previously revised proposal. However, the Business Council was pleased to see that its advocacy for a carve out for entities that do not actually maintain information systems and personal data and for institutions such as our colleges and universities that are certified under the Insurance Law to offer charitable annuities to donors were added to the Exemption provisions of the final regulation §500.19 (d) (f).

Many issues, including compliance with the 72 hour notice to the superintendent of a cybersecurity event (a defined term §500.01(d)) will continue to be a challenge for institutions. If the Cybersecurity Event impacting the Covered Entity is required to be given to any government body or where the event has a reasonable likelihood of materially harming any material part of the normal operations of the Covered Entity then notice is required.  The DFS rejected arguments that current statute provides sufficient notification of any breach.