New York State Department of Financial Services (“NYDFS”) Superintendent Maria Vullo reminded NYDFS-regulated entities that they must be in full compliance with the requirements of the NYDFS’s cybersecurity regulation by March 1, 2019.
The NYDFS cybersecurity regulation requires banks, insurance companies and other institutions regulated by the NYDFS (“covered entities”) to implement a cybersecurity program to protect consumer data (see previous coverage). The NYDFS cybersecurity regulation went into effect on March 1, 2017, subject to a two-year implementation timeline. The final step in the implementation timeline requires covered entities to adopt policies governing arrangements with third-party providers that have access to firms’ nonpublic information. The NYDFS also reminded firms to file a certificate of compliance for the prior calendar year by February 15, 2019.
Lofchie Comment: As previously described, the NYDFS rules are open-ended, complex and burdensome and will result in creating many new ways for the government to collect fines when something goes wrong.