Your guide to NYC's public proceedings.

QUESTION

What are the responsibilities in case of a cybersecurity incident resulting in a data breach involving the city or a vendor?

1:39:19

·

105 sec

Video Player is loading.
Current Time 0:00
Duration 0:00
Loaded: 0%
Stream Type LIVE
Remaining Time 0:00
Â
1x
    • Chapters
    • descriptions off, selected
    • captions off, selected

      The city and vendors share responsibility for data breaches involving the city's data, depending on the circumstances.

      • If an agency is directly impacted by an incident not involving a third party, the city's victim notification process would apply for regulated data elements.
      • For incidents involving third-party vendors that impact the city's data, the city has risk management strategies to ensure proper victim notification by the vendor.
      • In cases where a third-party private company has a breach involving the city's data, the company typically provides 1-2 years of identity monitoring services.