Now for Something Completely Different
Print this Article | Send to Colleague
Agency Cyber Security – 7/1/20
Distracted Driving – 1/1/21
The other day someone told me that come July 1st they wouldn’t be able to hold their cell phone while driving, since that’s when the new laws take effect. They are of course partially right, as July 1 is generally when new legislation takes effect. But the distracted driving bill has a delayed effectiveness date of January 1, 2021. The delay is to allow for plenty of communication and education so people will be aware of the new legislation and NOT hold their cell phone while driving. That said, please don’t text and drive regardless.
There IS a bill that takes effect on July 1, that we should not ignore and that’s the cyber security legislation that addresses the insurance industry. HB 1334 makes some major changes to data security provisions in the Code to specifically address our industry and your agency. Among other items, the bill:
- Clearly specifies that the Bureau of Insurance will provide oversight of the industry by moving regulations out of the criminal code and moving it to 38.2
- Eliminates a private cause of action
- Maintains the GLB provisions that all agencies must have a security plan that is “commensurate with the size of the agency”
- Requires agencies to have an incident response plan
- Outlines provisions for investigating a cyber event
- Provides guidance on when an event must be reported to the Commissioner and/or consumers, and
- Requires the BOI to implement specific regulations to implement the new legislation.
This was a major piece of legislation where IIAV worked with the Bureau of Insurance for several years. There’s not a professional out there that doesn’t understand the importance of keeping the data we collect on consumers safe. IIAV is presently working with the Bureau of Insurance on the follow up regulations and we anticipate that the exposure draft for regulations will be released soon.
Many of us assume that our third party Agency Management System companies are doing what they need to do to keep our records private. However, I recently read the agreement for one of the AMS companies that was pretty dated and didn’t address data security at all. Clearly the agency needed to get an updated agreement with this major provider to ensure that the provisions for data security are protected.
There is good news. Through our affiliation with the Agents Council on Technology – ACT – you have resources available to help your agency comply with the new legislation and regulations to come. The Cyber Security Guidelines are found here: https://www.independentagent.com/act/pages/planning/securityprivacy/cyberguide2.aspx
ACT provides easy to outline and understand issues related to cyber security for your agency. I implore you to look at this information today and start becoming familiar with the information provided that can be useful to your agency. It is provided for Big I members only. This is exceptional information and you might very well want to designate someone within your agency to be “first mate in charge” of data security.
This is another example of IIAV membership being useful to your agency. Stay tuned for more.
Robert N. Bradshaw, Jr., MAM
IIAV President & CEO