On July 15, 2021, the Governor had signed Act 73 into law creating new cybersecurity requirements for protecting data collected by the insurance industry.
The Act was derived from model legislation developed by the National Association of Insurance Commissioners, incorporating input from all participating state insurance commissioners, industry stakeholders, and consumer representatives.
The law will require anybody licensed with OCI to develop an information security program that protects its systems and data. Within one year, they must also conduct a risk assessment and address any areas that put their consumer’s data or their IT systems at risk. The law also requires insurers to develop an incident response plan and provide notice in a timely manner to consumers affected by a data breach.
Read the Act HERE