ALL individuals should have filed for exemption 500.19(b) by October 30, 2017 if they are covered by the cybersecurity program of another Covered Entity.
Directions on how to file for individual exemption (pdf)
1 |You should have filed your limited exemption
(This was required by October 30, 2017)
Your agency qualifies for a limited exemption if any of the following apply to it:
Fewer than 10 employees (including independent contractors)
Less than $10 million in year-end total assets
Less than $5 million in gross revenue
We at Big I New York are very proud of the hard work and great success we had in expanding the limited exemption, thus allowing more agencies to be included in it and drastically reducing the hardship it presents.
Note: A limited exemption does not get you completely off the hook, but it drastically reduces the number of required actions.
File notice of limited exemption with DFS | How: Complete online filing
Don't qualify for the limited exemption? Don't worry, we will help you comply.
2| Complete the following requirements
All Agencies (including those with limited exemption)
Agencies WITHOUT Exemption Must Also
Develop an incident response plan
Employ cybersecurity personnel
Every Year | Annual Certification of Compliance (for business entity licenses)
You should have already completed Steps 1 and 2 below before completing this step.
You must file your Annual Certification of Compliance no later than February 15 every year. You will file it the same way you filed your limited exemption – online at the DFS website. You will be certifying that you are in compliance with the DFS Cybersecurity Regulation each year.
Big I Members Outside NY
Thanks to the relationship with your state association, Big I members from outside of NY can access and use this document.
How: Click here
(will open in new window); Enter password provided by your state; Click 'download' in top right corner
Note - Many agencies would benefit from the guidance of a cybersecurity professional. We connected with providers across NY to learn which areas each can lend expertise to. The result - a grid of providers for you to choose the right fit for your agency. View the directory