Mar 17, 2020
If you do business in New York: Cyber security certification of compliance filing deadline extended to May 30 due to COVID-19
All covered entities must certify their cyber security regulation compliance annually with the New York State Department of Financial Services (as required by 23 NYCRR 500). This certification would have to have been filed via the DFS web portal between Jan. 1 and April 15, 2020, so covered entities can attest to their compliance for the 2019 calendar year. However, this year’s deadline has been extended until Saturday, May 30, 2020, for regulated entities and persons who are unable to meet the filing deadline due to the outbreak of COVID-19. This extended deadline applies to all effective sections of the regulation.
DFS announced that limited exemptions filed in 2019 are still valid. Covered entities do not need to file a new exemption in 2020. If there has been any change in the exemption status, covered entities should amend or terminate their limited exemption.
For more information on the cyber security regulation, check out the cyber security section of PIA’s Privacy Compliance Central tool kit, which contains the NYDFS’s FAQ and several additional Ask PIA FAQs.