As previously reported, covered entities (including insurance companies and producers, and other licensees including individuals) that are subject to an exemption under the New York Department of Financial Services Cybersecurity Regulation were required to file a Notice of Exemption by September 27, 2017. Having recently authorized “batch exemption” filings by companies on behalf of 50 or more licensed employees who are covered by the company’s information security program, DFS has now extended the filing deadline to October 30, 2017. The following now appears on the DFS website:
“The Department has extended the initial period for making the filing of the Notice of Exemption required by 23 NYCRR 500.19(e) until October 30, 2017. Covered Entities that have determined that they qualify for a limited exemption under 23 NYCRR 500.19(a)-(d) before October 1, 2017, are now required to file a Notice of Exemption on or prior to this date.
The Department reminds Covered Entities that Notices of Exemption should be filed electronically via the DFS Web Portal (accessible by clicking the orange box marked “Cybersecurity Filing” at the top of [the DFS webpage]). You will first be prompted to create an account and log in to the DFS Web Portal, then directed to the filing interface. That website also contains a copy of the Cybersecurity Regulation and a set of Frequently Asked Questions.”