New York Title 23
Title 23 is a section of New York Codes, Rules and Regulations (NYCRR) 500 that covers regulation of organizations operating in the state of New York subject to NY Department of Financial Services oversight. This includes entities regulated by NY Banking Law, Insurance Law and Financial Services Law.
Compliance with NY Title 23 includes that those covered entities protect the financial and other personal data they collect. These entities must also notify any affected individuals within 72 hours of a breach of their data once determining that a breach has occurred. Protections of personal data include maintaining audit trails designed to detect and respond to Cybersecurity Events (§500.06) and implementing measures designed to monitor the activity of Authorized Users and detect unauthorized access or use of, or tampering with, Nonpublic Information by such Authorized users (§500.14).
Organizations subject to NY Title 23 can face loss of licenses and financial fines of up to $250,000 fine or 1% of total assets of the organization and 1% of total assets of subsidiaries.