New York’s DFS Cyber Deadlines Loom

Patterson Belknap Webb & Tyler LLP
Contact
LinkedIn
Facebook
X
Send
Embed

It’s a marathon month for the thousands of financial institutions and insurance companies covered by New York’s landmark cybersecurity regulation. In little more than a week, these businesses must file their second annual certification of compliance with the State’s Department of Financial Services. Two weeks later, they must also come into compliance with the regulation’s third-party vendor requirements, the final milestone in the two-year roll out of the cybersecurity regulation.

Late last week, outgoing DFS Superintendent Maria T. Vullo issued a “reminder” that the second annual certification must be filed via the DFS cybersecurity portal on or before February 15, 2019, and that by March 1, 2019, businesses using third-party vendors must adopt policies and procedures governing the way outsiders access the company’s network and sensitive information.  We previously blogged about the third-party requirements.

Superintendent Vullo’s press release also noted that, as of March 1, 2019, each DFS-regulated business must have in place the following, many of which are from earlier DFS implementation deadlines:

  • A cybersecurity program designed to protect consumers’ private data;
  • Written cybersecurity policies approved by the board or a senior officer;
  • A Chief Information Security Officer (CISO) to help protect data and systems and to enforce the requirements of the regulation within their own institution;
  • Policies and procedures governing third-party providers; and
  • Controls and plans to help ensure the safety and soundness of New York’s financial services industry.

“With the deadline for final implementation nearing,” said Superintendent Vullo, “[a]ll DFS-regulated institutions should now have in place a comprehensive risk-based cybersecurity program and adequate controls to protect their information systems, with senior-level attention to these protections.”

With the end of the implementation period now in sight, some are beginning to consider the possibility that enforcement actions might follow. While DFS has not brought many major cyber enforcement actions to date, regulators may be inclined to begin testing the waters to see how businesses have implemented the regulation’s requirements. We’ll continue to report on all DFS cyber major developments.

 

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Patterson Belknap Webb & Tyler LLP | Attorney Advertising

Written by:

Patterson Belknap Webb & Tyler LLP
Patterson Belknap Webb & Tyler LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Patterson Belknap Webb & Tyler LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide