
Cyber Guide Regulations and Descriptions


It is critical that all agents and brokers understand and comply with the GLBA requirements to protect their clients' data. GLBA also covers other emerging regulations such as NY DFS.
These are considered best practices for agency security.

Agencies doing business in the state of New York may apply for an exemption under the NY DFS 23 CRR 500 Act for some of the regulations.
However, GLBA still applies. Details on NY DFS exemption eligibility and application are in the Appendix section at the end of this document.





Access control on customer information systems, including controls to authenticate and permit access only to authorized individuals and systems to prevent employees from providing customer information to unauthorized individuals who seek it through fraudulent means.

Access restrictions at physical locations containing customer information.

Encryption of electronic customer information, including when in transit or in storage on systems where unauthorized individuals may have access.

Procedures to ensure that customer information system modifications are consistent with an organization's information security program.

Dual control procedures, segregation of duties and employee background checks for employees with access to customer information.

Monitoring of systems and procedures to detect actual and attempted attacks on or intrusion into customer information systems.

Response programs for when an organization suspects or detects that unauthorized individuals have gained access to customer information systems.

Measures to protect customer information from destruction, loss or damage by environmental hazards or technological failure.

Training for staff to implement the security program.

Regular testing of the key controls, systems, and procedures of the security program.



It is critical that agents and brokers understand and comply with GLBA requirements to protect their clients' data.

For additional background and resources, review this series of webinars offered by the Big 'I' Illinois state association:

https://www.iiaofil.org/Cyber


NAIC Cybersecurity Recommendations

The National Association of Insurance Commissioners (NAIC) created a model law for states to review and adopt. This web page lists updates on state progress and additional resources to understand the details of the NAIC Model Law.

NY DFS NYCRR 500 Cybersecurity

A review of regulations by the NY DFS. Your company may apply for an exemption depending on how your agency falls within these regulations.











 
 