Those individuals who hold a New York state insurance license (covered entities), including nonresident licensees, have until Saturday, April 15, 2023, to certify their compliance with the requirements of New York state’s cyber security regulation (23 NYCRR 500) for calendar-year 2022.
The filing is required for all those not covered by another covered entity’s information system. This certification, which is required annually, must be filed via the New York State Department of Financial Services’ web portal between Jan. 1, 2023, and April 15, 2023.
Still have questions?
Check out PIA’s QuickSource QS31436, titled Certification of compliance: a guide for more details. For more information on the cyber security regulation, access the cyber security section of PIA’s Privacy Compliance Central tool kit, which contains the DFS’s FAQs for producer and individual licensees and several additional Ask PIA FAQs.
Had a potential breach?
An agent who believes that his or her agency has had a potential security breach must notify the DFS through its secure web portal. Don’t go down this road alone. PIA offers agents and brokers many quality data breach/cyber liability coverage options. To learn more, contact the PIA Member Services Department at (800) 424-4244.
Regulation amendments on the horizon
The DFS issued a proposed second amendment to 23 NYCRR 500. PIA has submitted comments on this proposal and has developed a step-by-step analysis of the changes outlined in this new proposal. Currently, we are waiting for the DFS’s final regulation, which is expected later this spring. PIA will continue to keep you apprised of these updates as they are released.