Your guide to NYC's public proceedings.
QUESTION
What are the responsibilities in case of a cybersecurity incident resulting in a data breach involving the city or a vendor?
1:39:19
·
105 sec
Video Player is loading.
The city and vendors share responsibility for data breaches involving the city's data, depending on the circumstances.
- If an agency is directly impacted by an incident not involving a third party, the city's victim notification process would apply for regulated data elements.
- For incidents involving third-party vendors that impact the city's data, the city has risk management strategies to ensure proper victim notification by the vendor.
- In cases where a third-party private company has a breach involving the city's data, the company typically provides 1-2 years of identity monitoring services.