LeadingAge NY Submits Comments on Proposed Updates to DFS Cybersecurity Regulations

LeadingAge NY has submitted comments on the proposed second amendment to 23 NYCRR Part 500 (the Department of Financial Services (DFS) Cybersecurity Regulation) on behalf of affected members, including Continuing Care Retirement Communities (CCRCs).

While LeadingAge NY and its members appreciate the State’s response to the need for organizational cybersecurity practices to evolve as cyberattacks and other threats to consumer data become more sophisticated, CCRCs control far fewer assets and serve far fewer people than most financial institutions under the purview of DFS. Unlike banks and most insurers, which transact with thousands of customers via traditional and e-commerce, New York’s CCRCs collect funds from only about 262 prospective and existing residents annually, on average. For this reason, some elements of the regulation as proposed would likely prove unnecessarily burdensome and unduly costly for these organizations, and we urge the State to appropriately tailor its cybersecurity requirements for CCRCs to their unique size, scope, and risk level.

Members may access LeadingAge NY’s full response here.

Contact: Annalyse Komoroske Denio, akomoroskedenio@leadingageny.org, 518-867-8866