Client Alert

New York Cybersecurity Requirements Begin to Go Into Effect

08 Sep 2017

On August 28, 2017, the first transitional period for the NYDFS cybersecurity rule (the “Rule”) ended. Covered entities are now expected to satisfy a number of requirements established by the Rule, including those relating to the implementation of a cybersecurity program and cybersecurity policy, as well as to the designation of a chief information security officer.

The next deadline for the Rule is September 27, 2017. Covered entities that have determined that they qualify for a limited exemption under 23 N.Y.C.R.R. 500.19(a)-(d) are required to file a notice of exemption with NYDFS on or before this date.

For more information about the Rule’s requirements and the transitional compliance deadlines, please see our previous Client Alert. In addition, you can visit the NYDFS webpage for more information about the Rule, including FAQs on the Rule provided by NYDFS.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.