On December 28, 2016, the New York State Department of Financial Services (NYDFS) updated its proposed cybersecurity regulation to protect New York State.  The proposed regulation is effective March 1, 2017, and requires banks, insurance companies and other financial services institutions regulated by DFS to establish and maintain a cybersecurity program designed to protect consumers and ensure the safety and soundness of New York State’s financial services industry.  Entities covered by the rule include “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law, or the Financial Services Law.”  We last reported on the draft version of these rules in a previous post.

The rule was issued after receiving comments on the proposed rule due November 14, 2016.  The updated proposed regulation, which was submitted to the New York State Register on December 15, 2016 and published on December 28, will be finalized following an additional 30-day notice and public comment period, which ends 30 days from publication, or Friday, January 27, 2017.

You may view the updated proposed regulation by clicking here.