Governor Signs Insurance Data Security Law

New Hampshire Governor Chris Sununu signed into law SB 194 (the “Bill”), which requires insurers licensed within the state (“licensees”) to put in place data security programs and report cybersecurity events. Although the Bill takes effect January 1, 2020, licensees have one year from the effective date to implement relevant cybersecurity requirements and two years from the effective date to ensure that their third-party vendors also implement appropriate safeguards to protect and secure the information systems and nonpublic information accessible to, or held by, the third-party service providers.


Key provisions of the Bill include:


Information Security Program. The Bill requires licensees to develop, implement and maintain, based on risk assessments, information security programs that contain administrative, technical and physical safeguards for the protection of nonpublic information and the licensee’s information system. The information security program must “mitigate . . . identified risks” and, among other enumerated requirements, be designed to “define and periodically reevaluate a schedule for retention of nonpublic information and a mechanism for its destruction when no longer needed.”

Nonpublic information is defined as information that is not publicly available information and is “any information concerning a consumer[,] which . . . can be used to identify such consumer, in combination with” Social Security number, driver’s license or non-driver identification card number, financial account or credit or debit card number, a security or access code or password that would permit access to a financial account, or biometric information. The term also includes certain healthcare information that can be used to identify a particular consumer.


Incident Response Plan. As part of the information security program, licensees also must establish a written incident response plan designed to promptly respond to and recover from cybersecurity events that compromise the confidentiality, integrity or availability of nonpublic information in the licensee’s possession, the licensee’s information systems or the continuing functionality of any aspect of the licensee’s business or operations.

Breach Notification. Licensees also must notify the state insurance commissioner of a cybersecurity event within three business days of a determination that a cybersecurity event has occurred when the licensee is domiciled in New Hampshire or if the cybersecurity event is reasonably believed to have affected at least 250 New Hampshire residents, among other criteria. The notification must provide certain content, including: (1) the date of the cybersecurity event; (2) a description of how the information was compromised and how the breach was discovered; (3) a description of the specific types of information compromised; (4) the approximate number of affected New Hampshire residents; (5) a copy of the licensee’s privacy policy and a statement outlining the steps the licensee will take to investigate and notify consumers affected by the breach; (6) the name of a contact person; and (7) a copy of the notice sent to consumers. The Bill requires licensees to notify consumers pursuant to certain provisions of New Hampshire’s breach notification law.

Recordkeeping. Licensees must maintain records concerning all cybersecurity events for a period of at least five years from the date of the cybersecurity event. In addition, each insurer domiciled within the state must submit an annual written statement by March 1 that certifies that the insurer is in compliance with the requirements set forth. These certifications, including supporting records, schedules and data, must be kept for a period of five years.

The state insurance commissioner may take “necessary or appropriate” action to enforce the new law. Violations of the provisions may result in the suspension or revocation of a licensee’s certificate of authority or license, or an administrative fine of up to $2,500 per violation.

