New York State DFS Issues Updated Proposed Cybersecurity Regulation
New York State Department of Financial Services (DFS) Superintendent Maria T. Vullo has announced that the DFS has updated its proposed cybersecurity regulation to protect New York State from the ever-growing threat of cyber-attacks.
The proposed regulation, which serves as the first of its kind in the nation, will be effective March 1, 2017. It will require banks, insurance companies and other financial services institutions regulated by the DFS to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York State’s financial services industry.
“New Yorkers must be confident that the banks, insurance companies and the other financial institutions that they rely on are securely handling and establishing necessary protocols that ensure the security and privacy of their sensitive personal information,” said Superintendent Vullo in a press release issued by the DFS. “This updated proposal allows an appropriate period of time for regulated entities to review the rule before it becomes final and make certain that their systems can effectively and efficiently meet the risks associated with cyber threats.”
The DFS stated in the release that it carefully considered all comments submitted regarding the proposed regulation during the 45-day comment period, which ended on November 14, 2016, and has incorporated those suggestions that it deemed appropriate in an updated draft‎ subject to an additional final 30-day comment period. It will focus its final review on any new comments that were not previously raised in the original comment process.
The updated proposed regulation, which was submitted to the New York State Register on December 15, 2016, and published December 28, 2016, will be finalized following a 30-day notice and public comment period.
Source: New York State Department of Financial Services Press Office
Related: