NYCRR 500: New York’s Cybersecurity Requirements for Financial Services

  Introduction In the aftermath of the multiple data breaches, the New York Department of Financial Services (DFS) created 23 NYCRR 500 establishing cybersecurity requirements for financial services companies. Effective March 1, 2017, this regulation is designed to promote the protection of customer information as well as the information technology systems of regulated entities. The…

Read more

Delaware Insurance Data Security Act Summary

Delaware’s Insurance Data Security Act (the “Act”) requires all regulated insurance companies licensed in Delaware to follow new data security and notification requirements. This article summarizes Delaware’s adaptation of the NAIC Insurance Data Security Model Law. Mission: To protect Delaware residents and insurance companies licensed to do business in Delaware from data breaches. The law requires…

Read more

Indiana Insurance Data Security Amendment to State Insurance Code

Effective July 1, Indiana added a new section to the Indiana Insurance Code (the “Act”) that covers Insurance Data Security. The changes require all regulated insurance companies licensed in Indiana to follow new data security and notification requirements. This article summarizes Indiana’s adaptation of the NAIC Insurance Data Security Model Law into the state insurance code.…

Read more

Virginia Insurance Data Security Act Summary

  Effective July 1, Virginia’s Insurance Data Security Act (the “Act”) requires all regulated insurance companies licensed in Virginia to follow new data security and notification requirements. This article summarizes Virginia’s adaptation of the NAIC Insurance Data Security Model Law. Basic Requirements: Maintain the security of information systems and non-public information Promptly Investigate cybersecurity events Notify Individuals of cybersecurity events Notify the Commissioner of…

Read more

Fill out the form below to download our Data Sheet and Data Minimization Article