In 2018, triggered by several high-profile cybersecurity breaches, the CSBS Board of Directors requested the NonDepository Supervisory Committee (NDSC) undertake consideration and development of a model law addressing nonbank data security (cybersecurity) concerns. The purpose of the initiative was to establish CSBS approved model statutory language to be used by states already considering such, and to encourage states that have not passed laws to consider following a uniform model.
The NDSC established a state work group of cyber experts and staff familiar with legislative drafting to consider the states’ needs and propose the model. The work group looked at various frameworks including the NY DFS rule, the National Association of Insurance Commissioners model law, and the Federal Trade Commission’s (FTC) Safeguards Rule under the Graham Leach Bliley Act.
The results of this work are available below for comment.