DFS Issues Amended Proposed Updates to Cybersecurity Regulations
In early July 2023, the NYS Department of Financial Services (DFS) issued revised proposed amendments to its regulations relating to cybersecurity requirements for regulated entities, including Continuing Care Retirement Communities (CCRCs). The new comment period will remain open until this coming Mon., Aug. 14th at 5 p.m.
LeadingAge NY previously worked with affected members to develop and submit comments in response to the original proposed amendments. The agency’s assessment of public response received during that window makes two clear references to our comments: In short, DFS has not made any changes in applicability of the regulations based on the size and scope of a CCRC because it maintains that the requirements are already risk-based. However, the agency did modify the definition of a Class A company in relation to the affiliates that are included and has made several other amendments to the proposed regulations that align with LeadingAge NY's recommendations.
LeadingAge NY has worked to analyze the overall changes and has received helpful input from affected members to inform new comments to be submitted by the association by the Aug. 14th deadline. Members wishing to provide additional feedback should not hesitate to reach out to Annalyse Komoroske Denio (firstname.lastname@example.org) as soon as possible. Alternatively, organizations wishing to submit comments individually may find directions on how to do so here.
Contact: Annalyse Komoroske Denio, email@example.com, 518-867-8866