Today, the South Carolina Department of Insurance released Bulletin 2018-09 Cybersecurity Event Reporting Form. Why should you read it? The new IDSA bulletin focuses on two aspects of the Insurance Data Security Act, how the Department of Insurance defines a reportable cybersecurity event and the notification procedures.

The three main takeaways from the SCIDSA bulletin are:

Encryption

Encrypting data can prevent an Insurance licensee from declaring a cybersecurity event. Many businesses have yet to hop on the encryption bandwagon. Encryption by its very nature is meant to protect information from unintended eyes. For the insurance world, this means, if an agent loses a laptop but the laptop is encrypted, there is no cybersecurity event to report. For those concerned over price, encryption is relatively cheap to implement. In fact, the feature is in most business-level operating systems including both Windows and Mac.

Paper Documents

Loss of paper documents does not constitute a cybersecurity event. The South Carolina Insurance Data Security Act is for the digital world. To put this another way, unlike other industry regulations such as HIPAA, the loss of paper with Non-public information, does not constitute a cybersecurity event.  SCIDSA is only concerned with digital activities.

Notification

Licensees have 72 hours to notify DOI of a cybersecurity event unless they are considered a “non-domicile entity.” For information on what a cybersecurity event is, see our other post describing IDSA terms and requirements,  New Law Rocks the Insurance World in SC. To clarify the term “non-domicile entity,” the Department of Insurance is referring to a person or organization that does not consider South Carolina Home

Conclusion

If you are a South Carolina licensee who falls under the Information Data Security Act, Tandem Cyber Solutions can help you with the required security assessments and develop a comprehensive Information Security strategy. We aim to remove barriers for our clients so they can focus on their business.

For more information on SCIDSA check out some of our other popular blogs:

5 Must-Have Elements of an IDSA Information Security Plan

What does South Carolina Insurance Data Security Act mean for third-party providers?

As a small insurance agency, how do I know if I have been breached?

 

If you have any questions on SC Insurance Data Security Act compliance, Call Tandem Cyber Solutions today!


(843)309-3508

 

doi_cyberevent_report_form.pdf
File Size: 872 kb
File Type: pdf

Download File


doi_bulletin_2018-09.pdf
File Size: 344 kb
File Type: pdf

Download File

Author

VP_Ops

Keith Small
Co-founder + VP of Operations


Keith Small is a retired professional law enforcement officer. Having sharpened an inquisitive mindset over almost three decades in criminal investigations and police work, he is now focused on applying his craft to protecting businesses from cybercriminals. Focusing on analysis and forensics, he relentlessly pursues knowledge in current tactics and cyber-criminal behaviors.

 



Keith Small

Keith Small is a retired professional law enforcement officer. Having sharpened an inquisitive mindset over almost three decades in criminal investigations and police work, he is now focused on applying his craft to protecting businesses from cyber criminals. Focusing on analysis and forensics, he relentlessly pursues knowledge in current tactics and cyber-criminal behaviors

0 Comments

Leave a Reply