Craig A. Newman of Patterson Belknap writes:
By today, financial institutions are required to meet their next deadline for compliance with New York’s cybersecurity law. The regulation – enacted in March 2017 –includes a series of rolling deadlines that require banks and insurance companies covered by the law to meet varying data security requirements.
Today’s deadline requires companies to meet five new milestones, mostly technical in nature. Earlier requirements from the New York State Department of Financial Services or DFS cybersecurity regulation focused on developing and implementing written cybersecurity policies and procedures.
Yet, the most difficult requirement for most companies is still six months away. By March 1, 2019, businesses are required to get their third-party vendors in line by adopting policies and procedures that govern the way these outsiders access the company’s network and its most sensitive information.
Read more on Data Security Law Blog.