X
    X
    X
    X

    New Cybersecurity Requirements coming for NYS DFS Insurers, Producers, and Other Licensees

    Publications
    As previously reported and explained here, the New York State Department of Financial Services (DFS) promulgated a proposed regulation mandating cybersecurity requirements for all licensees, including insurance companies and producers, banks, and others. In response to 150 comments received from the industry, a revised proposed regulation was published December 28, 2016, available here, amending the requirements, and delaying their effectiveness. The regulation, which was to be effective January 1, 2017 will now become effective March 1, thereby delaying the compliance date from July 1 to September 1, 2017. An annual certificate of compliance required of each “Covered Entity” will be required by February 15, 2018. Among the changes from the proposed rule, the reporting requirement for data breaches to DFS within 72 hours was relaxed to exclude incidents that do not present a reasonable likelihood of compromising consumer information, the limited exemption for small entities was expanded, and more flexibility was built into the encryption requirements under certain circumstances where encryption would not be feasible. Nevertheless, the DFS requirements represent a new benchmark that may well be adopted in some form by other states.

    Explore Additional Topics

    Disclaimer

    Please understand that your communications with Locke Lord LLP through this website do not constitute or create an attorney-client relationship with Locke Lord LLP. Any information you send to Locke Lord LLP through this website is on a non-confidential and non-privileged basis. Therefore, do not send or include any information in your email that you consider to be confidential or privileged.