Join PIA
PIA
Professional Insurance Agents
Members-only

Employees of PIA member agencies may log on below:

Remember me

Register for PIA website | Password help

News and publications

Nov 15, 2016

PIANY submits comprehensive comments on proposed NYDFS cybersecurity regulations

PIANY this week submitted formal, comprehensive comments on the recently published draft New York State Department of Financial Services regulations establishing cybersecurity requirements for all licensed entities. The regulations will affect all entities and individuals licensed by the NYDFS, including agents and brokers. PIANY conducted a survey of its membership to assess levels of readiness for the minimum standards of the regulation and found that independent agents and brokers need time to prepare for these complex cybersecurity compliance regulations. The survey also indicated that the impact of the regulations as proposed on agents could be severe.

In addition to pointing out that many definitions, including "cybersecurity event" and "nonpublic information," are too broad to the point of being unworkable. The 72-hour notice to NYDFS requirement of any cybersecurity event is too short and could actually harm investigations. The draft regulation contains many vague, undefined terms, and PIANY suggested changes specific to the proposal's impact upon agents and brokers.

PIANY believes too many individuals and entities would be subject to this regulation and suggested modifying the exemption threshold to exclude or greatly reduce the impact on small and medium sized agencies. All licensed individuals and entities are already subject to the cybersecurity provisions of Regulation 173 in New York. PIANY also urged a phase-in of all applicable provisions of the regulation, citing survey results that indicate agents and brokers will require significant time to identify and adopt policies and procedures to comply with the regulation's requirements. PIANY also strongly advocates for changes to the regulation to clarify that agents and brokers should not be classified as both "covered entities" and "third parties." PIANY also believes the regulation should not make agents responsible to ensure nonlicensed third-party compliance.

This letter was the third such communication PIANY has endorsed, including joint letters authored by insurance carriers and the leading state's business group. It also follows multiple meetings PIANY had with top NYDFS staff to speak directly to the proposed regulations provisions. The 45-day comment period has now ended and PIANY awaits a response from the NYDFS to the hundreds of comments submitted on the proposal by PIANY members and other interested parties. PIANY expects some version of the regulation to be effective Jan. 1, 2017, and will work to ensure agents and brokers are provided with all the resources and information they need to comply with the provisions of the final regulation.

NATIONAL CONNECTICUT NEW HAMPSHIRE NEW JERSEY NEW YORK Vermont PIA in the News