
Cyber Guide Regulations and Descriptions

It is critical that all Agents and Brokers understand and comply with the GLBA requirements to protect their clients' data. GLBA also covers other emerging regulations such as NY DFS.
These are considered best practices for agency security.

Agencies doing business in the state of New York may apply for an exemption under the NY DFS 23 CRR 500 Act for some of the regulations.
However, GLBA still applies. Details on NY DFS exemption eligibility and application are in the Appendix section at the end of this document.


Access control...

on customer information systems, including controls to authenticate and permit access only to authorized individuals, and systems to prevent employees from providing customer information to unauthorized individuals who seek it through fraudulent means.


Access restrictions...

at physical locations containing customer information.



of electronic customer information, including when in transit or in storage on systems where unauthorized individuals may have access.



to ensure that customer information system modifications are consistent with an organization's information security program.


Dual control procedures...

segregation of duties and employee background checks for employees with access to customer information.


Monitoring of systems...

and procedures to detect actual and attempted attacks on or intrusion into customer information systems.


Response programs...

for when an organization suspects or detects that unauthorized individuals have gained access to customer information systems.



to protect customer information from destruction, loss or damage by environmental hazards or technological failure.


Training for staff...

to implement the security program.


Regular testing...

of the key controls, systems, and procedures of the security program.


For additional background and resources, review this series of webinars offered by the Big 'I' Illinois state association:

NAIC Cybersecurity Recommendations

The National Association of Insurance Commissioners (NAIC) created a model law for states to review and adopt. This web page lists updates on state progress and additional resources to understand the details of the NAIC Model Law.

NY DFS NYCRR 500 Cybersecurity

A review of regulations by the NY DFS. Your company may apply for an exemption depending on how your agency falls within these regulations.

127 South Peyton Street
Alexandria VA 22314
phone: 800.221.7917
fax: 703.683.7556
