Follow Us

Law.com Subscribers SAVE 30%

Call 855-808-4530 or email GroupSales@alm.com to receive your discount on a new subscription.

Cybersecurity Technology Media and Telecom

New York Releases Updated Proposed Cybersecurity Regulation

Minimum standards proposed in September have been updated to provide more wiggle room for banks, financial institutions and insurance companies operating in New York.

X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.

On December 28, the New York State Department of Financial Services (DFS) issued an updated version of its first-in-the-nation cybersecurity regulation after having “carefully considered all comments submitted” during the comment period following the issuance of the original regulation in September.  The comments received by the DFS included a strongly worded and detailed letter authored by banking and insurance industry groups.  The updated draft is subject to an additional comment period of 30 days and the final version will become effective March 1, 2017. The updated proposed regulation provides significantly more wiggle room than the original version, shifting from an approach that enforces minimum standards to a risk-based approach with increased transition periods for compliance.  A few highlights of the changes are summarized below:

Timeline

In addition to the delayed effective date of March 1 (from January 1)and the default transition period of 180 days to comply (which now runs on August 28, 2017), the DFS has built in longer transition periods for certain sections.  New deadlines include:

Read These Next