Today, the South Carolina Department of Insurance released Bulletin 2018-09 Cybersecurity Event Reporting Form. Why should you read it? The new IDSA bulletin focuses on two aspects of the Insurance Data Security Act, how the Department of Insurance defines a reportable cybersecurity event and the notification procedures.
The three main takeaways from the SCIDSA bulletin are:
Encryption
Encrypting data can prevent an Insurance licensee from declaring a cybersecurity event. Many businesses have yet to hop on the encryption bandwagon. Encryption by its very nature is meant to protect information from unintended eyes. For the insurance world, this means, if an agent loses a laptop but the laptop is encrypted, there is no cybersecurity event to report. For those concerned over price, encryption is relatively cheap to implement. In fact, the feature is in most business-level operating systems including both Windows and Mac.
Paper Documents
Loss of paper documents does not constitute a cybersecurity event. The South Carolina Insurance Data Security Act is for the digital world. To put this another way, unlike other industry regulations such as HIPAA, the loss of paper with Non-public information, does not constitute a cybersecurity event. SCIDSA is only concerned with digital activities.
Notification
Licensees have 72 hours to notify DOI of a cybersecurity event unless they are considered a “non-domicile entity.” For information on what a cybersecurity event is, see our other post describing IDSA terms and requirements, New Law Rocks the Insurance World in SC. To clarify the term “non-domicile entity,” the Department of Insurance is referring to a person or organization that does not consider South Carolina Home
Conclusion
If you are a South Carolina licensee who falls under the Information Data Security Act, Tandem Cyber Solutions can help you with the required security assessments and develop a comprehensive Information Security strategy. We aim to remove barriers for our clients so they can focus on their business.
For more information on SCIDSA check out some of our other popular blogs:
5 Must-Have Elements of an IDSA Information Security Plan
What does South Carolina Insurance Data Security Act mean for third-party providers?
As a small insurance agency, how do I know if I have been breached?
If you have any questions on SC Insurance Data Security Act compliance, Call Tandem Cyber Solutions today!
(843)309-3508
| doi_cyberevent_report_form.pdf |
| doi_bulletin_2018-09.pdf |
Author
Keith Small
Co-founder + VP of Operations
Keith Small is a retired professional law enforcement officer. Having sharpened an inquisitive mindset over almost three decades in criminal investigations and police work, he is now focused on applying his craft to protecting businesses from cybercriminals. Focusing on analysis and forensics, he relentlessly pursues knowledge in current tactics and cyber-criminal behaviors.
0 Comments