On August 28, 2017, the first transitional period for the NYDFS cybersecurity rule (the “Rule”) ended. Covered entities are now expected to satisfy a number of requirements established by the Rule, including those relating to the implementation of a cybersecurity program and cybersecurity policy, as well as to the designation of a chief information security officer.
The next deadline for the Rule is September 27, 2017. Covered entities that have determined that they qualify for a limited exemption under 23 N.Y.C.R.R. 500.19(a)-(d) are required to file a notice of exemption with NYDFS on or before this date.
For more information about the Rule’s requirements and the transitional compliance deadlines, please see our previous Client Alert. In addition, you can visit the NYDFS webpage for more information about the Rule, including FAQs on the Rule provided by NYDFS.