Lege TREND. Refresher Insurance Data Security Bills.

SB273 (OH |2018) does the following:

• Adopts the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law
• OH becomes the 2nd state after South Caroline to adopt the model law
• Requires licesees develop, implement, and maintain a comprehensive information security program that contains administrative, technical, and physical safeguards to protect nonpublic information and the licensee’s information system within 1 year of the effective date of the Act;
• Perform a risk assessments 
• Develop a formal incident cyber response plan 
• Require their third-party service providers to implement security measures within 2 years
• Report data breaches to the head of its Department of Insurance  within 3 business days after determination tof a cyber event;
• Certify compliance to the  the head of its Department of Insurance
• 5 year retention of all records supporting the certificate of compliance