New York’s Cybersecurity Regulation Compliance Requirements Go Into Effect

August 29, 2017

Financial Services Superintendent Maria T. Vullo reminded all entities covered by the New York State Department of Financial Services’ (DFS) cybersecurity regulation that yesterday, August 28, 2017, was the first compliance date of this first-in-the-nation cybersecurity regulation.

“With cyber-attacks on the rise and comprehensive federal cybersecurity policy lacking for the financial services industry, New York is leading the nation with strong cybersecurity regulation requiring, among other protective measures, set minimum standards of a cybersecurity program based on the risk assessment of the entity, personnel, training and controls in place in order to protect data and information systems,” said Superintendent Vullo in a press release issued by DFS.

Beginning yesterday, banks, insurance companies and other financial services institutions regulated by DFS are required to have a cybersecurity program designed to protect consumers’ private data, a written policy or policies that are approved by the board or a senior officer, a Chief Information Security Officer (CISO) to help protect data and systems, and controls and plans in place to help ensure the safety and soundness of New York’s financial services industry.

Covered entities must also begin reporting cybersecurity events to DFS through the Department’s online cybersecurity portal. In addition, DFS recently announced that covered entities can virtually file notices of exemption, which are due within 30 days of the determination that the covered entity is exempt.

A cybersecurity event is reportable if it falls into at least one of the following two categories:

  • The cybersecurity event impacts the covered entity and notice of it is required to be provided to any government body, self-regulatory agency or any other supervisory body; or
  • The cybersecurity event has a reasonable likelihood of materially harming any material part of the normal operation(s) of the covered entity.

Source: The New York State Department of Financial Services

Related:

Topics Cyber New York Legislation

Was this article valuable?

Here are more articles you may enjoy.