The New York Department of Financial Services (NYDFS)’s “first-in-the-nation” cybersecurity regulation (“the Regulation”), 23 NYCRR 500, became effective March 1, 2017. The Regulation was designed to “promote the protection of customer information as well as the information technology systems of regulated entities.” 23 NYCRR 500.00.

Although the Regulation includes some limited exemptions, even those exemptions still require entities and individuals licensed by NYDFS (“Covered Entities”)—essentially, banks, insurers and other financial services firms located in and outside of New York—to implement certain cybersecurity programs and practices consistent with the Regulation, including risk assessments and controls for third-party service providers (TPSPs) under section 500.11 of the Regulation.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]