If you are a financial services company doing business in New York then you know that the NYDFS Cybersecurity regulations are in effect and you have limited time left to ensure compliance. Not sure if that’s you? If you are a:
- State-chartered bank
- Licensed Lender
- Private banker
- Foreign bank licensed to operate in New York
- Mortgage company
- Insurance company
- Service provider
then you likely have to comply (there are exceptions of course, particularly around smaller companies, so make sure you check that out).
The date everyone is concerned about now is September 4th. That’s when the “Eighteen-month transitional period ends. Covered Entities are required to be in compliance with the requirements of sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500.”
The one section of the regulation that we pay a lot of attention to is Section 500.13 Limitations on Data Retention. According to the regulations,
“As part of its cybersecurity program, each Covered Entity shall include policies and procedures for the secure disposal on a periodic basis of any Nonpublic Information identified in section 500.01(g)(2)-(3) of this Part that is no longer necessary for business operations or for other legitimate business purposes of the Covered Entity, except where such information is otherwise required to be retained by law or regulation, or where targeted disposal is not reasonably feasible due to the manner in which the information is maintained. “
If you are scrambling to meet the data retention requirements defined in Section 500.13, you aren’t alone.
Fortunately, there are new technologies to help you quickly implement the retention rules required to meet these compliance regulations. Combined with an agile project plan, it is possible to get basic retention rules in place and implemented in a matter of months instead of years.
On September 12th we are having a webinar on this section of the regulation. Ken Lownie, our COO has been studying the regulation closely and talking to customers about the best way to move forward. Ken will share his ideas on how to execute a rapid retention management initiative, including a three-month project plan that leverages scrums and sprints to implement the data retention rules.
We’ll also look at how one company took this approach and found success.
His goal and ours is to have you walk away with an actionable plan you can use to ensure your company is in compliance. Register for the webinar: Hacking NYDFS Data Retention Rules in Three Months today.