The insurance industry is well aware that in 2017 the New York Department of Financial Services (NYDFS) passed its landmark cybersecurity regulation for insurance companies and banks, which has now taken effect, and later that year, the National Association of Insurance Commissioners (NAIC) also adopted a model law on data security. However, many companies, who were not subject to the NYDFS because they were not licensed in New York, should be aware that they could soon be subject to cybersecurity regulations as more and more states enact their version of the NAIC model law. So far, South Carolina, Ohio, Michigan and Mississippi have adopted versions of the model law, and many other state legislatures are considering enactment of their own versions. And since the NAIC called on legislatures to adopt its model law within three years when it adopted the law in 2017, it is likely that many more states will enact similar laws next year. As more and more states adopt their own data security requirements for insurance entities, it becomes more urgent for companies to familiarize with the various requirements, and develop a compliance strategy as states enact their own cybersecurity laws. Failure to comply could lead to fines, penalties, and other enforcement actions, as well as expose an entity to reputational risk.

NYSDFS Cybersecurity Regulation

On Feb. 16, 2017, NYDFS promulgated a final regulation on Cybersecurity Requirements for Financial Services Companies. The rule, which took effect March 1, 2017, applies to insurance companies, banks, and other financial services companies regulated by NYDFS, and requires these entities to adhere to new standards to protect consumers from cyber threats.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]