What do you need to do?
Start here. We'll walk you through it.
STEP 1 | Determine if you qualify for a limited exemption
Your agency qualifies for a limited exemption if any of the following apply to it:
- Fewer than 10 employees (including independent contractors)
- Less than $10 million in year-end total assets
- Less than $5 million in gross revenue
We at IIABNY are very proud of the hard work and great success we had in expanding the limited exemption, thus allowing more agencies to be included in it and drastically reducing the hardship it presents.
Note: A limited exemption does not get you completely off the hook, but it drastically reduces the number of required actions.
Don't qualify for the limited exemption? Don't worry, we will help you comply.
STEP 2 | Complete the round 1 requirements by August 28
Complete the following actions by August 28, 2017
Agencies with Limited Exemption
File notice of limited exemption with DFS (you have 30 days from this date to submit) | How: Complete online filing
All Agencies (including those with limited exemption)
Agencies WITHOUT Exemption Must Also
Develop an incident response plan
Employ cybersecurity personnel
Note - Many agencies would benefit from the guidance of a cybersecurity professional. We connected with providers across NY to learn which areas each can lend expertese to. The result - a grid of providers for you to choose the right fit for your agency. View the directory
STEP 3 | Coming Soon
Completing steps 1 and 2 will get fulfill your requirements for 2017. Yay!
That said, it's best to get started on the next set of requirements. We'll be back here next week with guidance on your next steps.