
Cyber Guide Regulations and Descriptions

It is critical that all Agents and Brokers understand and comply with the GLBA requirements to protect their clients' data. GLBA also covers other regulations such as NY DFS. These are considered best practices for agency security.

Agencies doing business in the state of New York may apply for an exemption under NY DFS 23 NYCRR 500 for some of the regulations.
However, GLBA still applies.

Gramm-Leach-Bliley Act
Check out these insights as provided by the Federal Trade Commission (FTC) on GLBA, and more detail on what the provisions and compliance for safeguards mean for our industry. This site also houses links to additional GLBA-related resources.


IIABA General Counsel Memorandum
Privacy provisions of the Gramm-Leach-Bliley Act (GLBA) and their impact on insurance agents and brokers.

Downloadable memorandum for Big I members


Access Control...on customer information systems, including controls to authenticate and permit access only to authorized individuals and systems to prevent employees from providing customer information to unauthorized individuals who seek it through fraudulent means.

Physical Access Controls...for physical locations containing customer information.

Encryption...of electronic customer information, including when in transit or in storage on systems where unauthorized individuals may have access.

Change Management Procedures...to ensure that customer information system modifications are consistent with an organization's information security program.

Dual Control Procedures...segregation of duties and employee background checks for employees with access to customer information.

Monitoring of Systems...and procedures to detect actual and attempted attacks on or intrusion into customer information systems.

Response Programs...for when an organization suspects or detects that unauthorized individuals have gained access to customer information systems.

Protective Measures...to protect customer information from destruction, loss or damage by environmental hazards or technological failure.

Training...to implement the security program.

Regular Testing...of the key controls, systems, and procedures of the security program.

Additional Resources

Each resource below is tagged with one or more of the following categories to help identify the type of issue for which it provides guidance.

  • Regulatory ✔ Intended to offer regulatory insight and resources.
  • Contractual 📝 Intended to offer insight and resources to better understand contractual obligations being imposed.
  • Existential ⚠ Intended to offer insight and resources for training and risk mitigation strategies.

NAIC Cybersecurity Recommendations

Regulatory ✔ Contractual 📝

This comprehensive publication provides quick access to every NAIC Model Law, Regulation, and Guideline. Included with every model is a state action page that cites each state's enacted model or similar legislation.

NY DFS NYCRR 500 Cybersecurity

Regulatory ✔ Contractual 📝

A review of the regulations issued by the NY DFS. Your company may apply for an exemption depending on how your agency is classified under these regulations.

NAIC Cybersecurity Education Article

Regulatory ✔ Contractual 📝

Information and resource links on cybersecurity for the insurance sector.

NAIC Insurance Data Security Model Law

Regulatory ✔ Contractual 📝

The NAIC Insurance Data Security Model Law was adopted to establish data security standards for regulators and insurers to mitigate the potential damage of a data breach. This resource includes a map of US states which have adopted the Model Law.

127 South Peyton Street
Alexandria VA 22314
phone: 800.221.7917
fax: 703.683.7556

Empowering Trusted Choice® Independent Insurance Agents.