Coronavirus and Data Protection: New York Department of Financial Services had extended the deadline for compliance with its cybersecurity requirements.

• The Superintendent of Financial Services of the State of New York recognizes that COVID-19 may present compliance challenges for certain regulated entities and persons in meeting their legal obligations.
• Therefore the deadline for submission of Certifications of compliance with cybersecurity requirements, and transaction monitoring and filtering programs, is extended by 45 days from the original due date.
• Several other deadlines were extended as well, but the extensions did not include the notification of a cybersecurity event within 72 hours.

In this NYDFS joins many regulators in the extension of compliance deadlines for various laws in the wake of the COVID-19 crisis. Several U.S. states have also made resolutions to toll the statute of limitations.

This comes after requests have been made to the California Attorney General to take similar steps to extend the enforcement deadline for the California Consumer Privacy Act (CCPA) beyond July 1, 2020. Recently, it was reported the the AGs office does not intend to delay enforcement at this time.