Skip Ribbon Commands
Skip to main content
Aug 22
Big I NY Submits Comments on Draft Cyber Regulation Amendments

This week, Big I NY submitted commen​ts on the DFS' pre-proposed draft amendments to the Cyber Regulation. You can read more about the draft amendments in an earlier post here.​

In our comments, we recommended changes to the amendments that would help alleviate new burdens on producers, while still ensuring non-public information (NPI) is protected.

Some of the key points include:

  • Expanding the revenue threshold of the limited exemption to correspond with the proposed higher thresholds for employee count and assets, and clarifying that only independent contractors with access to NPI be counted towards the employee count.
  • Expanding the total exemption for inactive licensees to include brokers in addition to agents.
  • Exempt covered entities from the requirement to “cross police" each other as third party service providers, consistent with regulations adopted in nearly half of all states.
  • Remove the proposed requirement that covered entities not in compliance certify their noncompliance annually and specifically identify cybersecurity deficiencies.
  • Clarify that risk assessments need only be conducted annually if there is a material change to the entity's cybersecurity risk.
  • Clarify that penalties are assessed after a failure to comply with the regulation only where such noncompliance is intentional, and lengthen that time period from 24 to 72 hours.

You can read our full comments here. The DFS will now consider the pre-proposal feedback, then release the official proposed amendments. At that point, stakeholders will have further opportunity to provide additional comments before the regulation is adopted. ​


There are no comments for this post.

 ‭(Hidden)‬ Blog Tools