How Pennsylvania’s Cybersecurity Legislation Impacts You

July 27, 2023 | July 31st, 2023 | Insurance

Governor Josh Shapiro ratified House Bill 739, popularly known as the Pennsylvania Insurance Data Security Act, in June of 2023. This legislation was passed with the intention of enhancing cybersecurity protections for Pennsylvanian insurance consumers. The new law intends to protect individuals from online risks and make sure that insurance providers have enough security measures in place to secure private financial data.

The Pennsylvania Insurance Department (PID) has been working hard to execute this law and is equipped with resources to help customers and businesses deal with cyberattacks. PID seeks to stop cybercrimes by working with the insurance sector and assisting insurers in efficiently safeguarding the information of their clients.

As a result of an increase in cybercrime, Americans reported losses of over $10.3 billion in 2022. Due to the vast quantity of personal data they collect, insurers, in particular, are a target.

What Does This Cyber Legislation Technically Do?

Under Act 2, insurance licensees (companies and individuals) are required to conduct a risk assessment to identify cyber threats and their potential impact. Each licensee is required to build a thorough information security program to address these risks and an incident response strategy to successfully manage cybersecurity incidents.

Essentially, it is similar to the state requiring inspections for vehicles. It protects everyone and avoids a situation where a vehicle is insured but is not roadworthy. The same can be said about insuring an insecure data setup. Many insurance companies were already performing these steps to protect clients and lower the likelihood of a data breach, but the law now makes them a required part of the process.

If A Data Breach Occurs At A Business In PA

Licensees have five business days to notify the Insurance Commissioner of any data breach involving nonpublic information. Due to this prompt communication, PID is able to collaborate with insurers to lessen losses and assist impacted customers.

The legislation, which supports data security standards and lessens the impact of data breaches, is based on the model insurance data security law from the National Association of Insurance Commissioners (NAIC). Pennsylvania is the 22nd state to enact this model law, demonstrating the state’s dedication to consumer and cybersecurity protection.

If You Have Cyber Security Insurance From Strickler Insurance

If you have insurance from us, it is unlikely you will notice much of a change. We like to be effective in our approach to managing cybersecurity insurance, and we recognize the importance of quality services for business owners.

If You Do Not Have Cybersecurity Insurance

This is a necessity for any business that manages personal information or credit cards. You could be held liable for large sums of money if there were to be a data breach at your business. Learn more about our cybersecurity insurance services.