Transition period under New York cybersecurity regulation ends March 1, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS”) Cybersecurity Regulation, 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Entities covered by the Regulation that utilize third party service providers, which include not only banks and insurers, but also other financial services institutions and licensees regulated by the DFS, will be required to implement third-party risk management programs by March 1. Overview Under the Regulation, all covered entities are required to have a robust cybersecurity program in place that is equipped to protect consumers’ private data including a written cybersecurity policy (or policies) that are approved by the Board of Directors or a Senior Officer; a qualified Chief Information Security Officer (“CISO”) responsible for overseeing and implementing the covered entity’s…

Read more detail on Recent Banking and Finance Law posts –

This entry was posted in Banking and Finance law and tagged , , , , , , , , . Bookmark the permalink.

Leave a Reply