If passed, licensees must have comprehensive risk assessment and information security programs (threat management, employee monitoring, access controls, secure development, audit trails, periodic evaluations); cybersecurity incidents that could materially harm consumers or normal business operations must be reported to the State Insurance Commissioner (within 3 business days), and affected residents (pursuant to State breach notification requirements).
Related Posts
New York Introduces Stricter Social Media Privacy Laws for Children
New York has enacted stringent legislation aimed at enhancing social media privacy protections for children. The new law…
Brazil Enshrines Right to Data Protection in Constitution
An important milestone where, Effective February 10, 2022, Brazilians have the constitutional right to the protection of their…
New York Proposes the Digital Fairness Act
If passed, entities that process the PI of 500 or more unique individuals must obtain explicit, informed opt-in…