South Carolina became the first state to enact into law a comprehensive cybersecurity law requiring insurers to "establish a strong and aggressive program to protect companies and their consumers from a data breach."
The South Carolina legislature passed the South Carolina Insurance Data Security Act, without any material changes from the NAIC's model version, becoming the first state to adopt the model law. The law creates requirements for insurers, agents and other licensed entities covering data security investigation and notification of breach, including maintaining an information security program based on ongoing risk assessment; overseeing third-party service providers; investigating data breaches and notifying regulators of a cyber security event.
Licensees have until July 1, 2019 to comply with the new law, except for the provisions relating to oversight of third-party service providers, which have a compliance date of July 1, 2020.
Read more here.
08 May 2018