WASHINGTON, D.C. (PRWEB) January 31, 2017
The American Insurance Association submitted comments on the revised New York Department of Financial Services (DFS) Cybersecurity Regulation. DFS provided a second 30-day comment period to allow stakeholders an additional opportunity to comment on the revised regulation, which currently has an effective date of March 1, 2017. AIA was encouraged by the risk- focused direction of the revised regulations. Overall, greater flexibility allows companies to adapt to the evolving threat landscape and emerging technologies in a manner that best fits their risk profile.
While the revised regulation is a positive step in the right direction, there are a few areas where additional changes or clarification may be warranted in order to better reflect the stated intent of a risk-based approach. Specifically, AIA has suggested technical changes to the definition of nonpublic information, audit trail requirements, group reporting requirements, confidentiality, compliance deadlines, third party service providers, and notice requirements.
A brief statement by Alison Cooper, Northeast Region Vice President, follows:
“AIA thanks the Department of Financial Services for working with industry to addressing concerns with the original proposed cybersecurity regulation. The revised regulation better reflects a risk-based approach and allows greater flexibility for companies to continue to advance strong cybersecurity programs that fit their risk profile. We share the Department’s commitment to ensuring that consumers and financial institutions are protected to the greatest extent possible from cyber threats, and have offered a number of additional technical suggestions and clarifications to the revised regulation that will help us to best achieve that goal.”