Ask Tim; Cyber

NY Cybersecurity Regulation: Data Retention & Disposal Requirements

Body: ​Question from a Big I NY member: "Question regarding data retention.  In our agency management system (AMS), we retain files as long as the provider does.  Is that acceptable?  We do so for protection, ie., say we wrote life insurance and fifteen years later the client dies and the company claims some type of misrepresentation from insured on application. We would want all of the backup notes, signed forms, questionnaires.  Is this okay?  I could not find on your website anything addressing this besides that we need to keep for the required legal periods, say seven years as a minimum, but what about longer?Also, say a client leaves us, I do…

Continue ReadingNY Cybersecurity Regulation: Data Retention & Disposal Requirements

Enhanced Cybersecurity Requirements Coming May 1

Abstract: All New York regulated financial services companies, including insurance agencies, must implement additional cybersecurity procedures by May 1. Body: ​All New York regulated financial services companies, including insurance agencies, must implement additional cybersecurity procedures by May 1. These requirements are part of the 2023 amendments the New York State Department of Financial Services (DFS) made to the state's financial services cybersecurity requirements.While most Big I New York member agencies have fewer than eight employees and do not have a staff person known as a “system administrator," some may have one who performs some administration functions. A system administrator has special systems access, allowing them…

Continue ReadingEnhanced Cybersecurity Requirements Coming May 1

Another Resource To Help with Cyber Reg Compliance

Abstract: The new tool helps agencies that qualify for the limited exemption identify the requirements that apply to them. It also informs the agency as to which filing it must submit before the April 15 deadline. Body: ​ We are pleased to announce the creation of another new resource to help inde​pendent insurance agencies comply with the New York financial services cybersecurity regulation. The new tool helps agencies that qualify for the limited exemption identify the requirements that apply to them. It also informs the agency as to which filing it must submit ​​before the April 15 deadline. Section 500.17(b) of the regulation requires all "covered…

Continue ReadingAnother Resource To Help with Cyber Reg Compliance