you prepared if a Breach Occurs?

The Connecticut Insurance Data Security Law (Act) States That A Licensee Must Act Quickly

On June 4, 20191 the Connecticut General Assembly enacted the Insurance Data Security Law (“Act”) which became effective October 1, 2020. This law states that ALL licensees must develop, implement and maintain a comprehensive Written Information Security Program (“WISP”) that complies with the requirements of Conn. Gen. Stat. § 38a-38(c).

The Act Requires Licensees to:

Develop, implement and maintain a comprehensive written information security program (“WISP”) that complies with the requirements
Exercise due diligence in selecting third-party service providers (“3PSPs”) and require each 3PSP to implement appropriate protections measures for information systems and nonpublic information
Submit a written statement to the Insurance Commissioner certifying that the insurer is in compliance with the requirements
Conduct prompt investigation when a licensee learns of a possible cybersecurity event

Act Requirements:

Determining whether a cybersecurity event occurred
Assessing the nature and scope of the Cybersecurity Event
Identifying is any nonpublic information may have been involved in the Cybersecurity Event
Performing measures to restore the security of the information