Cybersecurity Update: Certification of Compliance Due April 15, 2020

Posted on January 7, 2020

All Covered Entities and licensed persons who are not fully exempt from the Regulation are required to submit a Certification of Compliance no later than April 15, 2020 (extended from February 15, 2020), attesting to their compliance for the 2019 calendar year.

Note: Last year you were required to file two parts, a Notice of Exemption (if you qualified) and a Certification of Compliance attesting to your compliance for the 2018 calendar year. If you filed a Notice of Exemption last year it will not expire for 2020 and you will likely only need to file a Certification of Compliance attesting to your compliance for the 2019 calendar year.

What is Cybersecurity Regulation?
Cybersecurity Regulations became effective on March 1, 2017 and provide that any individual or nongovernmental partnership, corporation, branch, agency, association or other entity operating under a license under New York insurance laws (among others) (“Covered Entities”) are required to formally assess their cybersecurity risks and maintain a cybersecurity program to address such risks. Under these Regulations, Covered Entities are required to comply with a number of detailed requirements. Smaller entities and individuals are entitled to file for a limited exemption eliminating some of the more complex, costly requirements.

Click here for more information regarding Cybersecurity regulation and instructions on how to file a Certification of Compliance.