UPDATE SEPTEMBER 2018: HawkSoft meets the data encryption requirements in Section 500.15 of the regulation.
HawkSoft allows agencies in New York using our agency management system to be compliant with New York's cybersecurity regulation for data encryption. We aren't resting there, though. We are adding additional security measures in our system to ensure continued compliance for future dates identified in 23 NYCRR Part 500.
NY's cybersecurity regulation requires each company to assess its specific risk profile and design a program that addresses risks in a robust fashion.
Section 500.15 Encryption of Nonpublic Information
Deadline to meet requirements of this section: September 1, 2018
This section mandates encryption of data. HawkSoft CMS currently encrypts most of your policyholder's data. We have identified some areas, including attachments, that are not encrypted by default. We will make available an update of HawkSoft's system before the September 1, 2018 deadline to ensure all relevant data is encrypted by default. All agencies using HawkSoft will be compliant with the regluation before the deadline.
Section 500.22(b)(2) Transitional Periods
This section confirms that the deadline for compliance with data encryption requirements is 18 months of the effective date of the regulation. The effective date is March 1, 2017. The compliance date is September 1, 2018. HawkSoft will have all data, including attachments, encrypted well in advance of this compliance date requirement so our NY agencies are compliant with this aspect of the regulation.
If you have any questions about HawkSoft's compliance for 23 NYCRR 500, please contact our support team. We're quick to respond and always happy to help.
Image Source: Syra Arif Sait | LinkedIn