Cybersecurity Bill Advances with IA&B’s Input
The majority of Delaware independent insurance agencies would be exempt from advancing cybersecurity legislation’s most onerous requirements, thanks to the IA&B government affairs team’s advocacy.
As the Delaware General Assembly approaches its June 30 adjournment, state lawmakers this week voted out of committee House Bill 174, which would impose requirements on insurers and insurance licensees, including all agents and brokers. Put forth by the Department of Insurance (DOI), the legislation is based on the National Association of Insurance Commissioners (NAIC) model law, specifically:
- Requiring the implementation of a comprehensive written information security program and
- Establishing standards for the investigation of and notification to the insurance commissioner of cybersecurity events affecting licensees.
We have spent the last several months in talks with the DOI and lawmakers about the standards agents and brokers are already held to when protecting policyholder data, and we were successful in making several improvements to the legislation beyond what exists in the NAIC model. Most notably, we were able to expand the provision that exempts agencies from the written information security program requirements. The NAIC Data Security Model Law exempts agencies with fewer than 10 employees, including independent contractors. Thanks to our advocacy, the Delaware version of the legislation increases that threshold to fewer than 15 employees, and removes the independent contractor language, thus exempting the majority of Delaware independent agencies.
Our government affairs team will maintain a daily presence in Dover in the weeks ahead to advocate on HB 174 and additional legislation impacting the independent agent and broker community. Stay tuned to Agent Headlines for more information as the cybersecurity legislation advances through the legislature, including resources to help agencies achieve compliance should the bill become law.