Cybersecurity Laws Agencies Need to Know


 
Portage, Michigan | May 03, 2018
Updated: March 02, 2020

Cybersecurity is a growing concern for government and businesses, as attacks occur more often and much faster today than ever before.

Every 39 seconds, to be exact (University of Maryland).

Cyber incidents impact small to large-sized companies as well as non-profits and even local and federal governments.

The cities of New Orleans and Baltimore sure didn’t think they would fall victim to attacks.

Hackers are coming after insurance agencies as they handle delicate customer information daily.

All that personal identifying information is at risk when cyber-attacks occur.

Most of this information is highly confidential to the customer and is often only disclosed to agents.

Fortunately, there are security measures agencies can take to ensure the protection of sensitive customer information from being compromised, thanks to a few cybersecurity laws in place on both the state and federal levels.

 

The Gramm-Leach-Bliley Act (GLBA)

The Gramm-Leach-Bliley Act, or the Financial Services Modernization Act, was enacted in 1999 to require companies that offer consumers financial services and products to explain their information sharing process to their customers to protect their sensitive data.

There are security measures and regulations in place to help insurance companies comply with the act.

It’s important that agencies understand and comply with these regulations, as well as fully address all the areas of business that apply.

The best thing an insurance agency can do about cyber risk is acknowledge its importance and the fact that ensuring customer information security is a high priority.

There are several best practices which assist agencies with security and complying with the GLBA.

*Updated: Changes to the GLBA include the Safeguards Rule and the Privacy Rule.

The Safeguards Rule requires a financial institution to develop, implement, and maintain a comprehensive information security program.

The Privacy Rule requires a financial institution to inform customers about its information-sharing practices and allow customers to opt out of having their information shared with certain third parties.


 

Agents Council For Technology

The Agents Council for Technology brings together volunteer work groups to address issues like cybersecurity, customer experience, and future trends in technology.

As a council, they work together to develop best practices and tools to help agencies, brokers, and carriers implement a more effective technology process.

Among the council’s members are carriers such as Allstate independent agents, Liberty Mutual Insurance, MetLife Auto and Home, and Progressive.


 

Cybersecurity Information Sharing Act

The Cybersecurity Information Sharing Act was enacted in 2015 to improve security through enhanced sharing of information about cybersecurity threats.

The act allows the sharing of Internet traffic information between the government and U.S. companies.

This act has drawn more controversy than others, receiving backlash from big tech companies such as Google, Facebook, Netflix, and Amazon.com.


Sure, it’s easy to say, “go back to the good old days” and keep records with pen and paper, but that’s hardly necessary in order to keep private customer information secure today.

While technology and the Internet are becoming more and more prominent in daily workflow and data keeping, it’s important to stay knowledgeable about the laws and regulations in place to help keep information secure and make your job easier if or when a cyber incident occurs.

Insurance Data Security Law

The National Association of Insurance Commissioners (NAIC) created a cybersecurity model law for insurance companies, with the purpose of establishing standards for data security and regulations on risk assessment, risk management, cybersecurity, and an incident response plan.

This will serve as a guideline for all states. South Carolina became the first to adopt it back in 2017, while Ohio and Michigan recently followed suit.


 

Insurance | Julie Stevens