Today, the South Carolina Department of Insurance released Bulletin 2018-09 Cybersecurity Event Reporting Form. Why should you read it? This bulletin focuses on how the Department of Insurance defines a reportable cybersecurity event and the notification procedures. The three main take aways from the bulletin are:
- Encrypting data can prevent an Insurance licensee from declaring a cybersecurity event.
- Loss of paper documents does not constitute a cybersecurity event.
- Licensees have 72 hours to notify DOI of a cyber security event, unless they are considered a “non-domicile entity”.
If you are a South Carolina licensee who falls under the provisions of the Information Data Security Act, Tandem Cyber Solutions can help you with the required security assessments and develop a comprehensive Information Security strategy to meet regulatory obligations and protect your client’s data.
Follow this link to view the latest bulletin from the DOI. For your convenience we have attached both the bulletin and the updated event report form below. You may also want to review previous blogs about the IDSA and how you too can sign up for IDSA update notices from the DOI.
If you have any questions on SC Insurance Data Security Act compliance, Call Tandem Cyber Solutions today!
(843)309-3508
| doi_cyberevent_report_form.pdf |
| doi_bulletin_2018-09.pdf |
