Skip to main content

Deadline Approaching under NY Cybersecurity Regulations

If your company is one of the broad group of businesses licensed by the New York Department of Financial Services (NY DFS), a very important deadline is bearing down on February 15.   Regulated entities have under Thursday to attest to their compliance with the first-in-the-U.S. cybersecurity regulations (details and links are in blog post below).   The regulations require that "the Chairperson of the Board of Directors or Senior Officer(s)" must certify (in writing) that the organization is compliant with all the cybersecurity regulations, including systems controls and testing, incident response plans, high-level approvals of written policies, appointment of a Chief Information Security Officer, and cybersecurity reviews.

NY DFS Superintendent Maria Vullo recently issued a reminder of the February 15 deadline, and announced that a cybersecurity review will be included in the DFS' regular safety and soundness bank examinations.


Subscribe To Viewpoints


Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.