Mar 16, 2021
N.Y. cyber security certification of compliance filings due by April 15
All covered entities must certify their cyber security regulation compliance annually with the New York State Department of Financial Services (as required by 23 NYCRR 500). This certification must be filed via the DFS web portal between Jan. 1, 2021, and Thursday, April 15, 2021, so covered entities can attest to their compliance with the regulation for the 2020 calendar year. This requirement also applies to nonresident licensees.
The DFS announced that limited exemptions filed in 2019 still are valid. Covered entities do not need to file a new exemption in 2021. If there has been any change in the exemption status, covered entities should amend or terminate their limited exemption.
If covered entities or licensed people have exemptions that still are valid, they do not need to file a new Notice of Exemption in 2021. If there has been any change in exemption status, regulated entities, or licensed individuals, you should amend or terminate their exemption as soon as possible. You have 180 days from the end of the fiscal year in which they cease to be exempt to comply with all applicable requirements of Part 500.
For more information on the cyber security regulation, see the cyber security section of PIA’s Privacy Compliance Central tool kit, which contains the DFS’ FAQ, a compliance checklist and several additional Ask PIA FAQs.