On Monday, Superintendent Maria T. Vullo of the New York State Department of Financial Services (“DFS”) issued a reminder about the upcoming certification deadline under the DFS’s landmark Cybersecurity Regulation (“Regulation”). Superintendent Vullo stated that “[t]he DFS compliance certification is a critical governance pillar for the cybersecurity program of all DFS regulated entities.” Accordingly, by February 15, 2018, all Covered Entities under the Regulation must file the first compliance certification with DFS. The compliance certification is a statement to the Superintendent that demonstrates compliance with the Regulation during the preceding calendar year.
Superintendent Vullo also indicated that DFS will now include cybersecurity questions and topics in the initial notices that DFS issues to financial services companies before undertaking targeted examinations of a company’s market conduct. All indications are that DFS is focused on compliance with the Regulation and expects well-tailored cybersecurity programs to be in place.
Phillips Lytle’s Data Security & Privacy Practice Team has experience with compliance matters under the Regulation. For questions regarding the Regulation generally or the upcoming certification deadline, please contact Jennifer A. Beckage at (716) 847-7093, jbeckage@phillipslytle.com; Lauren Adornetto at (716) 847-7013, ladornetto@phillipslytle.com; or any member of the firm’s Data Security & Privacy Practice Team.