Blog service

Data Matters Privacy Blog Kentucky and Maryland recently joined other states in adopting the NAIC’s Model Data Security Law.

Posted on Author Warren C. Carruthers Comments Off on Data Matters Privacy Blog Kentucky and Maryland recently joined other states in adopting the NAIC’s Model Data Security Law.

Kentucky and Maryland recently continued the trend of state insurance departments adopting a version of the National Association of Insurance Commissioners’ (“NAIC”) model insurance data security law. Kentucky Governor Andy Beshear signed House Bill 474 into law, and Maryland Governor Larry Hogan signed SB 207.

Like the Model Law on which both are based, the laws require licensees in their states to maintain, among other things, a comprehensive written information security program, perform a risk assessment to determine s It is appropriate to implement certain technical safeguards such as multi-factor authentication and encryption, develop an incident response plan, and require third-party service providers to implement security measures.

The laws also require that certain cybersecurity events be notified to the appropriate state insurance commissioners within three business days of determining that a cybersecurity event has occurred. “Cyber ​​Security Event” is defined as an “event resulting in unauthorized access to, disruption of, or misuse of an information system or information stored on that information system.” Notification requirements vary slightly; but, generally, notification is required for a cybersecurity event if:

  1. state is the state of domicile or home state of the licensee or
  2. the licensee believes that the nonpublic information involves 250 or more consumers and that (a) notice is required from any government agency or other oversight body or (b) the cybersecurity event has a reasonable probability of causing material harm (i) to any consumer residing in the State or (ii) any material part of Licensee’s normal operation.

The new Kentucky law takes effect on January 1, 2023. Licensees will have one year from its effective date to implement many of its provisions, and two years from that date to implement implement a comprehensive information security program.

The new Maryland law takes effect October 1, 2022, with certain grace periods for licensees to comply with the law’s written information security program requirements (by October 1, 2023) and to implement the required oversight of service providers (by October 1, 2024).

To share
Warren C. Carruthers
https://hyposblog.info

Related Articles
Blog service

Scottish police caught playing strip poker

Posted on Author Warren C. Carruthers

Monday, December 20, 2021 | Written by Renée Three Scottish police officers who were filmed naked while playing a game of strip poker have been reported for indecent assault. A viral video of the police showed them naked and drinking beer in a private apartment. Investigations on the subject are currently underway, according to a […]
Blog service

Ukraine asks for more weapons from NATO and demands a Russian energy embargo

Posted on Author Warren C. Carruthers

US and UK announce new sanctions on Russia as Ukraine warns eastern residents to evacuate ahead of feared assault – part of wider Russian offensive in Ukraine looming continues to its 43rd day. Ukraine is pushing the West to increase arms deliveries as Russia refocuses its offensive on the east of the country. (AP) Thursday, […]
Blog service

West Seattle Blog… | WEST SEATTLE SATURDAY: 22 ratings!

Posted on Author Warren C. Carruthers

(Friday night photo, looking east from West Seattle, by David Hutchinson) Another busy Saturday! Here is the list for today/tonight, mostly from the WSB West Seattle Events Calendar: TRAFFIC ALERTS: The eastbound Spokane Street overpass is closed; so are lanes on I-5 southbound between I-90 and Spokane St. EMERALD WATER ANGLERS SUMMER FEST: Celebrate fishing […]