NYS DFS Cybersecurity Rules

DFS CyberSecurity Rule

Section 500.13 (Limitations of Data Retention) of this new law requires “secure disposal on a periodic basis
of unneeded or expired records.

  • This law applies to all DFS (Department of Financial Services) Regulated entities in New York State
  • Section 500.13 does not discriminate between digitally recorded or conventionally recorded materials
  • Annual compliance reporting under the law is mandated to DFS in Albany
  • The compliance deadline for Section 500.13 was August 2017.  Deadlines for other sections vary.
  • The law includes conditional exemptions from certain Sections of the law for smaller businesses,
    however, there are no exemptions granted from Section 500.13

Quality Shredding helps companies develop the mandated policies and procedures as part of a compliant secure disposal program!

See video below what Tobi Says about how the DFS Cybersecurity Rule can affect your business: