Join PIA
PIA
Professional Insurance Agents
Members-only

Employees of PIA member agencies may log on below:

Remember me

Register for PIA website | Password help

News and publications

National Sep 28, 2017

PIANY's request for Limited Exemption filing extension granted

The New York State Department of Financial Services announced an extension for filing the Notice of Exemption under its 23 NYCRR 500.19(e) of its cybersecurity regulation to Oct. 30, 2017.

According to the NYDFS notice, "The department has extended the initial period for making the filing of the Notice of Exemption required by 23 NYCRR 500.19(e) until Oct. 30, 2017. Covered Entities that have determined that they qualify for a limited exemption under 23 NYCRR 500.19(a)-(d) before Oct. 1, 2017, are now required to file a Notice of Exemption on or prior to this date."

Professional Insurance Agents of New York State and the IIABNY requested this extension in a letter and in previous meetings with Gov. Andrew M. Cuomo’s executive staff and the NYDFS.

PIA has been on the forefront assisting PIA members with the ins and outs of the new cybersecurity regulation. Are you confused about what this all means? If so, feel free to contact PIA's Industry Resource Center at resourcecenter@pia.org or call (800) 424-4244 and our technical staff will be able to walk you through the requirements.

Who needs to comply?

All insurance agents, brokers and companies that are licensed in New York state are subject to the requirements of this regulation. This includes nonresident licensees. Covered entity means "any person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law."

When do I need to comply?

The effective date of the new regulation was March 1, 2017.

You had until Aug. 28, 2017, to become compliant. This is the earliest that you must comply with any part of the regulation. Additionally, there are phase-in transition periods for the different provisions.

  • On or before Sept. 27, 2017 (extended to Oct. 30, 2017)—initial 30-day period for filing Notices of Exemption.
  • On or before Feb. 15, 2018—the first annual certification of compliance will be due to the New York State Department of Financial Services.

What do I need to do?

Everything you need to do is outlined in PIA’s New York’s cybersecurity regulation in a nutshell—23 NYCRR 500. Again, if after reviewing this information, you have any questions, contact PIA’s Industry Resource Center.

Want to learn more?

PIA offers its Privacy Compliance Central tool kit with access to a library of information on this regulation, including in-depth resources to help you comply; the final regulation; answers to commonly asked questions about this new regulation; QuickSource documents; and information on TAG Solutions’ Compliance Plus and Do-It-Yourself programs.

9/17

Think PIA first

NATIONAL CONNECTICUT NEW HAMPSHIRE NEW JERSEY NEW YORK Vermont PIA in the News