The Connecticut Insurance Data Security Law goes into effect on October 1, 2020.
Licensed insurance companies, and any other companies otherwise authorized to operate pursuant to the insurance laws of Connecticut, should be aware of and follow the Law.
The Act establishes standards applicable to licensees of the Connecticut Insurance Department for data security, the investigation of a cybersecurity event, and notification to the Department of such event.
The law includes key elements like as:
-The performance of regular risk assessments
-The designation of a responsible employee, such as a chief information security officer-
The maintenance of an information security program that is ‘commensurate’ with the size and complexity of the licensee’s operations and the nature of its activities
Connecticut’s Insurance Department issued a Bulletin on July 20, 2020 (Please see https://portal.ct.gov/-/media/CID/1_Bulletins/Bulletin-IC-42.pdf)