Cyber Guide Regulations and Descriptions
It is critical that all Agents and Brokers understand and comply with the GLBA requirements to protect their clients' data. GLBA also covers other regulations such as NY DFS. These are considered best practices for agency security.
Agencies doing business in the state of New York may apply for an exemption under the NY DFS 23 CRR 500 Act for some of the regulations. However, GLBA still applies.
Gramm-Leach-Bliley Act
Check out these insights as provided by the Federal Trade Commission (FTC) on GLBA, and more detail on what the provisions and compliance for safeguards mean for our industry. This site also houses links to additional GLBA-related resources.
IIABA General Counsel Memorandum
Privacy provisions of the Gramm-Leach-Bliley Act (GLBA) and their impact on insurance agents and brokers.
Downloadable memorandum for Big I members
Access Control...on customer information systems, including controls to authenticate and permit access only to authorized individuals and systems to prevent employees from providing customer information to unauthorized individuals who seek it through fraudulent means.
Access Restrictions...at physical locations containing customer information.
Encryption...of electronic customer information, including when in transit or in storage on systems where unauthorized individuals may have access.
Procedures...to ensure that customer information system modifications are consistent with an organization's information security program.
Dual Control Procedures...segregation of duties and employee background checks for employees with access to customer information.
Monitoring of Systems...and procedures to detect actual and attempted attacks on or intrusion into customer information systems.
Response Programs...for when an organization suspects or detects that unauthorized individuals have gained access to customer information systems.
Measures...to protect customer information from destruction, loss or damage by environmental hazards or technological failure.
Training for staff...to implement the security program.
Regular testing...of the key controls, systems, and procedures of the security program.
Additional Resources
Each resource below is labeled with a category to help identify the type of issue for which it provides guidance.
- Regulatory ✔ Intended to offer regulatory insight and resources.
- Contractual 📝 Intended to offer insight and resources to better understand contractual obligations being imposed.
- Existential ⚠ Intended to offer insight and resources for training and risk mitigation strategies.