Aug 5, 2018
Overview: This is the beginning of the states taking proactive approach to transfer the risk to businesses and through regulations. Common Occurrence – China, EU, Spain, Various States, etc…. GDPR for the US is coming….but that is for Data Privacy EU Cyberlaw that will be hitting the end of the year….Focused on Data Transfers, along with other items It is all coming, so you better be prepared to REDUCE YOUR CYBER RISK! Details: Quote: Justin Orcutt - The South Carolina Insurance Data Security Act was signed into law on May 14th, 2018 by South Carolina Governor Henry McMaster. It’s the first piece of cybersecurity legislation ever to be passed in the United States aimed at covering the insurance industry. Insurance Data Security Model – Drafted by the National Association of Insurance Commissioners in 2017 Similar to the Alabama Breach Law, NYDFS Law, etc Official January 1, 2019 but all the requirements don’t hit until 2020 Interesting tidbit: -All Licensees of the South Carolina Department of Insurance must have a “comprehensive, written, cybersecurity program” in place -Insurers, agents, other licensed entities, plus real-estate lawyers who are also real-estate agents -Cybersecurity Program -Breach Response plan – 72 hours (YEA BABY) -BIGGIE: Designate Individual, Third Party, or Affiliate who is responsible for your program -Can there be more!!!! --250 vs. HIPAA’s 500people -Investigate Promptly and records must be retained for 5 years It goes on….. Recommendation / Outcome: -Read the law and determine if it affects you and your business -Look for resources to help you build out a program, designate a person, etc. -Legal counsel on the best course of action to ensure you meet the law -Cybersecurity advice who can work with legal counsel and your business -Utilize my training that I am building for this very situation!