Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Final deadline approaching for NYDFS cybersecurity regulation

Privacy/Cyber Risk & Data Security NYDFS 23 NYCRR Part 500 State Issues Third-Party

Privacy, Cyber Risk & Data Security

On January 31, NYDFS issued a reminder for regulated entities that the final deadline for implementing NYDFS’s cybersecurity regulation ends March 1. Under the new regulation, banks, insurance companies, mortgage companies, money transmitters, licensed lenders and other financial services institutions regulated by NYDFS are required to implement a cybersecurity program to protect consumer data. The last step in the implementation timeline requires covered entities that use third-party providers to put in place policies and procedures ensuring the security of information systems and nonpublic information accessible to, or held by, such third parties. NYDFS also reminded regulated entities that the deadline to file their second certification of compliance via NYDFS’ cybersecurity portal is February 15.

Previously InfoBytes coverage on NYDFS’ cybersecurity regulation are available here.