Authorizes continuing care retirement communities to adopt a written cybersecurity policy and requires such policies to be self-certified and approved by the superintendent.
STATE OF NEW YORK
________________________________________________________________________
10486--B
R. R. 122
IN ASSEMBLY
April 30, 2018
___________
Introduced by M. of A. CAHILL, LUPARDO, LIFTON -- read once and referred
to the Committee on Insurance -- committee discharged, bill amended,
ordered reprinted as amended and recommitted to said committee --
reported and referred to the Committee on Rules -- amended on the
special order of third reading, ordered reprinted as amended, retaining
its place on the special order of third reading
AN ACT to amend the insurance law, in relation to authorizing continuing
care retirement communities to adopt a written cybersecurity policy
The People of the State of New York, represented in Senate and Assembly, do enact as follows:
1 Section 1. Section 1119 of the insurance law is amended by adding a
2 new subsection (d) to read as follows:
3 (d) Such organization may adopt a written cybersecurity policy that is
4 designed to protect the confidentiality, integrity and security of
5 nonpublic information and is in compliance with: (i) the Health Informa-
6 tion Technology for Economic and Clinical Health Act ("HITECH"), the
7 Health Insurance Portability and Accountability Act ("HIPAA"), the
8 Gramm-Leach-Bliley Act; and (ii) all other applicable cybersecurity and
9 privacy protections governing nursing homes, adult care facilities and
10 assisted living residences to the extent the protections govern those
11 components of such organization's operations. The cybersecurity policy
12 shall be self-certified by such organization and such self-certified
13 cybersecurity policy shall be filed with the superintendent. The self-
14 certification shall attest that the policy provides sufficient
15 protections of nonpublic information in a manner which is not inconsist-
16 ent with the goals of the cybersecurity policies adopted by financial
17 services companies pursuant to regulations promulgated by the super-
18 intendent. Such self-certification shall be deemed compliant with such
19 regulations applicable to financial services companies. The superinten-
20 dent shall review the accuracy and reasonableness of the attestation.
21 Unless the superintendent objects to the attestation within sixty days
22 from the date it is submitted, such attestation shall be deemed
23 approved.
24 § 2. This act shall take effect immediately.
EXPLANATION--Matter in italics (underscored) is new; matter in brackets
[] is old law to be omitted.
LBD15486-10-8