On December 28, 2016, the New York State Department of Financial Services (NYDFS) released a significantly revised version of its controversial, proposed cybersecurity rules, initially proposed in September of last year. As we noted in our Client Alert at that time, the rules as originally proposed would have created one of the most comprehensive and detailed cybersecurity standards in the country, and would have created significant compliance and implementation challenges. As a result, the original proposal generated significant industry outcry, calling into question, among other things, the original proposal’s workability. Like the original proposal, the revised proposal would apply to any person “operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under” New York banking, insurance and financial services law, including, for example, commercial banks, foreign banks with New York State-licensed offices, mortgage brokers and servicers, small-loan lenders, and money transmitters doing business in New York. The comment period regarding the revised proposal closes on January 27, 2017.
Read our client alert.