On September 1, 2018, the next New York State cybersecurity law compliance deadline will go into effect. The law was originally passed in March 2017, but deadlines for various aspects of compliance have gradually been put in place over the past two years.
For this upcoming deadline, financial institutions will be required to maintain an audit trail for all financial transactions for five years. Encryption will be required for all regulated data and such data must be erased when it is no longer needed. For security events, banks will be required to maintain an audit trail for three years. Prior to this deadline, banks have only been required to maintain such data for between 30 and 60 days. The penalty for noncompliance has not been announced by the New York Department of Financial Services up to this point.