United States: New York State Department Of Financial Services Reminds Institutions Of Upcoming Deadline For Cybersecurity Certification

On January 22, 2018, New York State Department of Financial Services Superintendent Maria Vullo issued a press release reminding regulated entities and licensed persons of the NYDFS's upcoming February 15, 2018 compliance certification deadline under New York's cybersecurity regulation that was implemented in March of 2017. New York's cybersecurity regulation generally requires: (i) that regulated entities establish, review and assess cybersecurity policies and procedures designed to protect consumer data; (ii) that regulated entities have a Chief Information Security Officer; and (iii) that the policies and procedures are approved by an entity's board of directors or a senior officer. Covered entities and individuals will be required to submit the certification, which attests to compliance with New York's cybersecurity regulation for 2017, through the NYDFS's cybersecurity portal. The press release also provides a link to a series of frequently asked questions regarding the cybersecurity regulation generally, and the upcoming filing deadline, including which subparts of the regulation are applicable to this year's certification, and those that will be applicable to the 2019 certification. Superintendent Vullo also announced that the cybersecurity evaluation will be incorporated into all NYDFS examinations of regulated entities.

The full text of the press release and link to frequently asked questions regarding the cybersecurity regulation are available at: http://www.dfs.ny.gov/about/press/pr1801221.htm.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.