Delaware Signs Insurance Data Security Act into Law

White and Williams LLP

White and Williams LLP

On July 31, 2019, Governor Carney signed the Delaware Insurance Data Security Act (formerly, HB 174) into law. Based on the National Association Of Insurance Commissioners (NAIC) Insurance Data Security Model Law, the Delaware law establishes a regulatory framework requiring insurers licensed to do business in Delaware to develop and implement a comprehensive data security (or cybersecurity) program. It also requires insurers to report instances of data breaches to the Delaware Insurance Commissioner and consumers, and it empowers the Department of Insurance to investigate violations of the Act and levy penalties against insurance carriers.

According to the August 1, 2019 press release issued by the Delaware Department of Insurance:

Prior to the implementation of this law, there were no standards for insurance companies to follow regarding protection of consumers’ data, and notifying the Department. Historically, when an insurer determined that a data breach had occurred, notification to the Department of Insurance was delayed, sometimes by several months. Notably, this Act accomplishes the following:

  1. Requires insurance companies to implement information security programs and conduct risk assessments to try to prevent data breaches and compromising of consumers’ Nonpublic Information and personal data;
  2. Requires insurers to conduct thorough investigations to determine if a cybersecurity event or data breach may have occurred and whose data may have been compromised;
  3. Notify the Insurance Commissioner within three (3) business days of determining that a data breach or cybersecurity event has occurred;
  4. Mandates that insurers notify all impacted consumers within sixty (60) days of the determination that their data has or may have been compromised;
  5. Requires that insurers offer free credit monitoring services for one year to consumers impacted by breaches; and
  6. Endows the Commissioner with the power to investigate the affairs of any insurer to determine whether they have been engaged in any conduct in violation of this Act and take action accordingly.

Further and more detailed analysis of the Delaware Insurance Data Security Act will follow under a separate alert.

[View Source]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© White and Williams LLP | Attorney Advertising

Written by:

White and Williams LLP

White and Williams LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.