On December 28th, 2016, the New York State Department of Financial Services (DFS or the Department) published a revised version of its proposed regulation governing cybersecurity requirements for all entities required to operate in New York under a license, registration, or similar authorization issued by the Department (the Revised Proposal). Its provisions are scheduled to take effect on March 1, 2017, with phased-in implementation dates. DFS received over 150 comments in response to its originally proposed cybersecurity regulation (the Original Proposal), which led to the issuance of the Revised Proposal. Many of the comments addressed the perceived rigidity and excessively prescriptive requirements of the Proposal’s core provisions. Although the Revised Proposal included some significant revisions addressing those comments, a number of open questions remain. The publication of the Revised Proposal triggers a new opportunity for public comment, which continues until January 27th, 2017. The final version of the regulation could have a significant impact on entities nationwide, as the DFS language has the potential to become a template used throughout the country.
To learn more about this, please see the GT Alert “NYS Department of Financial Services Releases Revised Proposed Addressing Cybersecurity Requirements for Financial Institutions.”