The Connecticut Insurance Data Security Law (Act) States That A Licensee Must Act Quickly
On June 4, 2019, the Connecticut General Assembly enacted the Insurance Data Security Law (“Act”), which became effective October 1, 2020. This law states that ALL licensees must develop, implement and maintain a comprehensive Written Information Security Program (“WISP”) that complies with the requirements of Conn. Gen. Stat. § 38a-38(c).
The Act Requires Licensees to:
- Develop, implement and maintain a comprehensive written information security program (“WISP”) that complies with the requirements
- Exercise due diligence in selecting third-party service providers (“3PSPs”) and require each 3PSP to implement appropriate protective measures for information systems and nonpublic information
- Submit a written statement to the Insurance Commissioner certifying that the insurer is in compliance with the requirements
- Conduct a prompt investigation when a licensee learns of a possible cybersecurity event
Act Requirements:
- Determining whether a cybersecurity event occurred
- Assessing the nature and scope of the Cybersecurity Event
- Identifying if any nonpublic information may have been involved in the Cybersecurity Event
- Performing measures to restore the security of the information
What Makes Up A Comprehensive Cybersecurity Program?
- Comprehensive Cybersecurity Policy Set
- Asset Inventory Management
- Endpoint Protection and Monitoring
- Business Continuity and Disaster Recovery Planning and Testing
- Regular Vulnerability Scanning
- System Risk Assessment and Plans of Action
- First Response Operating System and Third-Party Patching
And so much more…