Press Release (ePRNews.com) - SYRACUSE, N.Y. - Feb 22, 2017 - Late last year, when the New York State Department of Financial Services (DFS) issued proposed sweeping cybersecurity regulations that would impose significant new obligations on all covered organizations, Bond, Schoeneck & King attorneys swiftly moved to seek an exemption for institutions of higher education and other not-for-profit organizations. In issuing the Final Regulations (http://www.dfs.ny.gov/legal/regulations/proposed/rp500t.pdf) last Thursday, DFS granted the exemption to hundreds of organizations that otherwise would have faced onerous, costly requirements designed for banks and other financial institutions.
DFS first proposed the new regulations in September 2016, followed by revised regulations on December 28, 2016, allowing for a comment period before issuing the final regulations which will take effect on March 1, 2017.
Developed to cover banks, insurance companies and other financial institutions, the proposed regulations also applied to colleges and universities and other not-for-profit organizations that have a permit from DFS to operate a donor annuity program under the N.Y. Insurance Law Section 1110.
On January 27, 2017, Bond, Schoeneck & King, joined by the Commission on Independent Colleges and Universities (CICU), submitted a letter to DFS urging that colleges and universities, as well as other not-for-profit organizations should be exempt from the Proposed Regulations. Written by Tracy E. Miller, a member of the Firm and Co-Chair of Bond’s Cybersecurity and Data Privacy Practice, the letter (https://www.bsk.com/site/rte_uploads/files/Comments%20on%…) made the case for the exemption by noting, among other reasons, that the proposed regulations would impose an exceptional burden on institutions of higher education and not-for-profits unrelated to their mission, size, resources or operations. In addition, as set forth in Ms. Miller’s letter, these organizations are already covered by other cybersecurity laws and regulations and, in many cases, the data for the donor annuity program is held by the banks, not the institution that the donor is supporting.
As Ms. Miller explained, “this truly was a case of the tail wagging the dog. Donor annuity programs are ancillary to what these organizations do. The regulations would have imposed a costly burden, draining resources from the core mission of institutions of higher education and not-for-profit organizations that are already bound to comply with other laws and regulations to protect the privacy of personal information.”
Without the exemption, hundreds of colleges, universities and other charitable organizations would be bound by the DFS regulations, ranging from some of the largest universities, museums, hospitals, social service and advocacy organizations in the State to smaller organizations that deliver key services.
In issuing the Final Regulations, the Governor’s Office stated that “DFS carefully considered all comments submitted during a 45-day comment period following the publication of the proposed regulation in September 2016 and a 30-day comment period following the publication of the updated proposed regulation in December 2016. Suggestions that DFS deemed appropriate were incorporated in the final regulation.”
Bond, Schoeneck & King PLLC is a law firm with 265 lawyers serving corporations, individuals and public sector entities in a broad range of practice areas including higher education, health care, and exempt organizations. Bond has nine offices in New York State and offices in Naples, Florida and Overland Park, Kansas. Source :
Bond Schoeneck & King