NY | The Excess Line Association of New York (ELANY) today issued Bulletin No. 2018-27. This bulletin explains the elements of the New York cybersecurity regulation which take effect on September 3, 2018. These include:
- Audit Trail (Section 500.06)
- Application Security (Section 500.08)
- Limitations on Data Retention (Section 500.13)
- Monitoring (Section 500.14(a))
- Encryption of Nonpublic Information (Section 500.15)
Licensees may be exempt from some of these requirements. Therefore, ELANY has published a Compliance Guide to assist licensees in determining which requirements apply and how to meet those requirements.
Additionally, licensees can visit the New York Department of Financial Services (DFS) website for information. Recently, DFS added a section discussing the status of insurance producers as Third Party Service Providers to the FAQ on the website.
Finally, ELANY has partnered with Spot On Insurance to create a podcast containing practical advice from legal and IT experts on meeting the New York cybersecurity requirements. This free resource is available to all.