Virginia’s New Record Sealing Laws Give a Second Chance to Reformed Individuals
Earlier this year, we covered Kansas City’s efforts to expand employment protections for individuals with criminal histories. Meanwhile, Virginia has...
With Verified Credentials' mobile-first candidate experience, you meet candidates where it's most convenient. Learn how easy we make it.
|
Now offering DOT services!Get your drivers on the road quickly and meet DOT regulations. |
Learn the latest trends in employment background checks. This report uses real-life usage data to uncover how employers are screening across industries.
Verified Credentials is a leading background screening company. Since 1984, we’ve helped validate and secure relationships through the use of our comprehensive screening solutions. We offer a wide variety of background checks, verifications, and innovative screening tools.
Our accreditation confirms that our policies, processes, and employee training meet rigorous industry compliance standards.
3 min read
Verified Credentials Dec 26, 2024 11:05:48 AM
In 2017, the New York State Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Service Companies (23 NYCRR 500) was enacted to better regulate and protect customer data. The requirements were revised again on November 1, 2023.
On October 16, 2024, the NYDFS issued new guidance focused on cybersecurity risks, specifically related to the uptick in cybercriminals using artificial intelligence (AI) to commit crimes at greater scale and speed. The guidance addresses businesses regulated by the NYDFS that use AI or outsource business to entities that use AI. However, the insights provided may offer an instructive framework effective for all organizations to consider.
The primary goal of the guidance is to help assist “Covered Entities”—that is, those entities regulated by NYDFS—in understanding and assessing their cybersecurity risks associated with the use of AI, as well as the controls organizations can implement to mitigate these risks.
The guidance identifies four primary threats associated with AI:
The NYDFS guidance offers some more detailed examples of controls and measures Covered Entities may take to mitigate AI-related cyber threats.
Verified Credentials is committed to using AI responsibly and safely to protect our systems and client information. The company is audited annually by TrusteArc (TRUSTe) for privacy standards and by independent auditors for compliance with SOC 2, Type 2. Verified Credentials is also a founding member of the Professional Background Screening Association (PBSA) and is compliant with its rigorous standards.
Our internal AI use policies were adopted from the policy principles established in the National Institute of Standards (NIST) 800-53(r5) Planning (PL) control family and the NIST AI Risk Management Framework publications.
Verified Credentials’ Artificial Intelligence Governance and Use policy aims to ensure that AI technology is ethically used to enhance productivity, efficiency, and decision-making while complying with applicable law; and respecting privacy, confidentiality, and data security. Notably, our policy aligns with the guidance established by NYDFS.
Although the guidance only addresses organizations regulated by the NYDFS, with the uptick in the use of AI among organizations and cybercriminals alike, the guidance may provide useful information for all organizations to consider. The guidance calls for employers to train employees on the proper use of AI, stating that many AI-driven attacks are aimed at employees in hopes of obtaining proprietary company information. Employers regulated by the NYDFS should remain aware of AI-related cybersecurity risks mentioned, especially as they pertain to employee AI use and training, as well as third-party vendor management.
To learn more about the guidance from NYDFS, take a look at the official newsletter here.
This article is for informational purposes only and does not constitute legal advice. Employers should consult their legal counsel before taking any action.
Earlier this year, we covered Kansas City’s efforts to expand employment protections for individuals with criminal histories. Meanwhile, Virginia has...
Although other states and jurisdictions have implemented laws and regulations to address certain aspects of AI use in business scenarios, Colorado...
In 2014, Minnesota implemented a “ban the box” law (Minnesota Statute 364.021) to help create a fairer hiring climate for Minnesotans with a criminal...
In December 2024, New York Governor Kathy Hochul signed two bills amending the state’s current data breach notification law. Senate Bill S2659B and...
A proposed class-action lawsuit filed against Whole Foods Market Group, Inc., Amazon.com, Inc., and Cornucopia Logistics, LLC (“Defendants”) is one...
On January 29, 2020, the United States House of Representatives passed the “Comprehensive Credit Reporting Enhancement, Disclosure, Innovation, and...