Posted: | February 28, 2022 03:32 PM |
---|---|
From: | Representative Tina Pickett |
To: | All House members |
Subject: | PA Insurance Data Security Act |

In the near future, I plan to introduce legislation aimed at protecting Pennsylvania consumers from cybersecurity events and promoting data security standards to mitigate the potential damage of an insurance data breach.

Cybercrime is on the rise. No industry is immune from this rise in crime, and insurance providers, with their bevy of personal health information, make tempting targets for cybercriminals.

The Pennsylvania Insurance Data Security Act adopts the National Association of Insurance Commissioners (NAIC) model law requiring licensees, with exceptions for small insurers, to conduct an annual risk assessment. Under the Act, each insurer domiciled in Pennsylvania would be required to submit an annual written statement to the Pennsylvania Insurance Department certifying that the insurer is in compliance with the risk assessment, information security program, and oversight portions of the Act.

In addition, if a licensee learns that a cybersecurity event has or may have occurred, the licensee or an outside vendor and/or service provider shall conduct a prompt investigation and notify the Commissioner of the Pennsylvania Insurance Department within three (3) business days from a determination that a cybersecurity event involving nonpublic information in the possession of the licensee has occurred.

In 2017, the U.S. Treasury Department recommended states adopt uniform data security regulations for the industry. As of today, at least 18 states have adopted some version of the NAIC model.

Please join me in co-sponsoring this important piece of legislation.

Introduced as HB2499