20 July 2018
Visit www.avoka.com

NYDFS brings in cybersecurity regs

28 August 2017  |  7654 views  |  0 Source: New York State Department Of Financial Services

Financial Services Superintendent Maria T. Vullo reminds all entities covered by the DFS cybersecurity regulation, that today, August 28, 2017, is the first compliance date of New York’s first-in-the-nation cybersecurity regulation.

Beginning today, banks, insurance companies, and other financial services institutions regulated by DFS are required to have a cybersecurity program designed to protect consumers’ private data; a written policy or policies that are approved by the board or a senior officer; a Chief Information Security Officer to help protect data and systems; and controls and plans in place to help ensure the safety and soundness of New York’s financial services industry. Covered entities must also begin reporting cybersecurity events to DFS through the Department’s online cybersecurity portal. In addition, DFS recently announced that covered entities can virtually file notices of exemption, which are due within 30 days of the determination that the covered entity is exempt.

“This day marks a significant milestone in protecting the financial services industry and the consumers they serve from the threat of cyber-attacks,” said Superintendent Vullo. “With cyber-attacks on the rise and comprehensive federal cybersecurity policy lacking for the financial services industry, New York is leading the nation with strong cybersecurity regulation requiring, among other protective measures, set minimum standards of a cybersecurity program based on the risk assessment of the entity, personnel, training and controls in place in order to protect data and information systems.”

A cybersecurity event is reportable if it falls into at least one of the following categories:

  • The cybersecurity event impacts the covered entity and notice of it is required to be provided to any government body, self-regulatory agency or any other supervisory body; or
  • The cybersecurity event has a reasonable likelihood of materially harming any material part of the normal operation(s) of the covered entity. Further information regarding the types of events that require reporting can be found here.

All applicable entities covered by the DFS cybersecurity regulation can file cyber notices as detailed above as well as other filings through a secure portal. This portal has been operational to receive notices of exemption, and will allow, by permission, employers to file notices of exemption on behalf of employees or captive agents who are also covered entities where large bulk filings can be facilitated.  

Comments: (0)

Comment on this story (membership required)

Related blogs

Create a blog about this story (membership required)
Visit info.nice.comVisit https://secure.vasco.comVisit iliad-solutions.com/

Top topics

Most viewed Most shared
Calmejane quits Lloyds Bank to join SocGenCalmejane quits Lloyds Bank to join SocGen
12632 views comments | 6 tweets | 7 linkedin
Hong Kong plans September go-live for blockchain-based trade financeHong Kong plans September go-live for bloc...
10037 views comments | 9 tweets | 17 linkedin
Mastercard enlists Worldpay to push Vocalink's Pay by Bank appMastercard enlists Worldpay to push Vocali...
9615 views 19 comments | 15 tweets | 30 linkedin
IBM to test dollar-pegged 'stablecoin'IBM to test dollar-pegged 'stablecoin'
6535 views comments | 4 tweets | 14 linkedin
Bringing about new systems and faster payments globallyBringing about new systems and faster paym...
6367 views comments | 2 tweets | 7 linkedin

Featured job

to GBP £90K base, double OTE (estimate)
London, UK or Europe

Find your next job