
    Cybersecurity Compliance Requirements are Piling Up


    Beginning October 1, 2017, health insurers, health care centers, pharmacy benefits managers, third-party administrators that administer health benefits, and utilization review companies licensed in Connecticut will be required to file their first annual certification to the insurance department that they maintain a comprehensive information security program in compliance with the Connecticut Health Records Data Security Law that became effective October 1, 2015.

    On February 15, 2018, licensees of the New York Department of Financial Services, including banks, insurance companies and others licensed by the New York DFS, will need to file their first annual certification of compliance with the New York DFS Cybersecurity Regulation that became effective March 1, 2017, unless exempt. The New York requirement is broader in scope, covering more companies, and imposing broader and more granular compliance requirements, than the Connecticut requirement.

    On April 26, 2017, the NAIC revised its draft model cybersecurity law to incorporate many of the features of the NY DFS Cybersecurity Regulation, including a 72-hour notification requirement, but not including a requirement to file an annual compliance certificate. A hearing on the revised draft will be held on May 9, 2017.

    A hearing was held on May 2, 2017 on the cybersecurity regulation proposed March 6, 2017 by the Colorado Division of Securities for broker-dealers and investment advisors. Although the proposed regulation is not as onerous or comprehensive as the New York DFS Cybersecurity Regulation and lacks a specific certification requirement, this development may indicate a continuing trend of activity to promote and require better cybersecurity across various states and industries.
