Turn on more accessible mode

Turn off more accessible mode

Skip Ribbon Commands

Skip to main content

Turn off Animations

Turn on Animations

Follow

Focus on Content

S1-Post-Only

Cyber Guide Regulations and Descriptions

It is critical that all Agents and Brokers understand and comply with the GLBA requirements to protect their clients' data. GLBA also covers other emerging regulations such as NY DFS. These are considered best practices for agency security. Agencies doing business in the state of New York may apply for an exemption under the NY DFS 23 CRR 500 Act for some of the regulations. However, GLBA still applies. Details on NY DFS exemption eligibility and application are in the Appendix section at the end of this document. Access control... on customer information systems, including controls to authenticate and permit access only to authorized individuals and systems to prevent employees from providing customer information to unauthorized individuals who seek it through fraudulent means Access restrictions... at physical locations containing customer information. Encryption... of electronic customer information, including when in transit or in storage on systems where unauthorized individuals may have access. Procedures... to ensure that customer information system modifications are consistent with an organization's information security program. Dual control procedures... segregation of duties and employee background checks for employees with access to customer information. Monitoring of systems... and procedures to detect actual and attempted attacks on or intrusion into customer information systems. Response programs... for when an organization suspects or detects that unauthorized individuals have gained access to customer information systems. Measures... to protect customer information from destruction, loss or damage by environmental hazards or technological failure. Training for staff... to implement the security program. Regular testing... of the key controls, systems, and procedures of the security program. It is critical that agents and brokers understand and comply with GLBA requirements to protect their clients' data. For additional background and resources, review this series of webinars offered by the Big 'I' Illinois state association: https://www.iiaofil.org/Cyber NAIC Cybersecurity Recommendations The National Association of Insurance Commissioners (NAIC) created a model law for states to review and adopt. This web page lists updates on state progress and additional resources to understand the details of the NAIC Model Law. NY DFS NYCRR 500 Cybersecurity A review of regulations by the NY DFS. Your company may apply for an exemption depending on how your agency falls within these regulations. More Guide Information 12-Step Compliance Roadmap Dive into each regulation and find resources from cyber providers and industry experts. Real-World Breaches Independent agencies of any size can experience breaches. Read their stories here! Costs and PenaltiesWhat’s the cost of non-compliance? Understand federal, state, and other penalties. Cybersecurity Provider ListingsFind a detailed analysis of service provider who can help independent agencies comply with cyber regulations. Reviewed and organized by ACT.