State of Alabama Mandates Heightened Cybersecurity Standards for Insurance Industry

Category: Featured , Data Security , Cyberbytes
Author: NXTsoft
Governor Kay Ivey signed Alabama S.B. 54 into law, making Alabama the latest state to pass a law mandating heightened standards within the insurance industry for cybersecurity and data privacy. The Insurance Information Security Program Requirement applies specifically to insurers and other entities licensed by the Alabama Department of Insurance (DOI). The law requires insurers to develop and implement an information security program, report certain cybersecurity events to the Commissioner of Insurance (Commissioner), and provides for civil penalties under certain conditions.
 
Licensees have until May 1, 2020, to implement the statute’s information security requirements, and until May 1, 2021, to implement the statute’s required controls for third-party service providers.
 
S.B. 54 expands upon Alabama’s existing data privacy laws for insurers by a) differentiating the definition of personal information, b) requiring notification to the Commissioner for cybersecurity events, c) requiring that applicable insurers develop, implement and maintain a written information security policy, and d) expanding the power of the Commissioner to monitor compliance and execute penalties for non-compliance.
 
The following exceptions shall apply to this act:
(1) A licensee is exempt from Section 4 of this act if any of the following criteria apply:
  1. The licensee has fewer than 25 employees.
  2. The licensee has less than $5 million in gross annual revenue.
  3. The license has less than $10 million in year-end total assets.

New call-to-action

Find out how NXTsoft can help Alabama insurance agents comply with Alabama S.B. 54 and assist with cybersecurity requirements required by this law. Get more information on how NXTsoft can help your insurance agency with cybersecurity!


 

August 7, 2020
Back
Share this post on social media