Legislation seeks to address cybercrime in the insurance industry

The state House of Representatives recently passed legislation fighting cybercrime within Pennsylvania’s insurance industry.

House Bill 2499, otherwise known as the Pennsylvania Insurance Data Security Act, would establish standards to protect consumers’ personal information from cybersecurity events and mitigate the potential damage caused by an insurance data breach.

Under the bill, Pennsylvania-based insurers would be required to submit written statements to the Pennsylvania Insurance Department annually certifying they comply with the risk assessment, information security program, and oversight portions of the act.

If an insurer learns that a cybersecurity event has or may have occurred, the bill would require the insurer, an outside vendor, and/or service provider to notify the insurance commissioner within five business days and conduct a prompt investigation.

“House Bill 2499 adopts uniform data security standards, investigation, and notification requirements in collaboration with the Insurance Department to better protect consumers’ personal and private information from a potential insurance data breach,” state Rep. Tina Pickett (R-Bradford/Sullivan/Susquehanna), House Insurance Committee majority chairwoman and the bill’s prime sponsor, said. “This bill also updates current company law to protect costly and disruptive regulations while maintaining national accreditation standards.”

The bill now moves to the Senate for consideration.

At least 18 other states have adopted similar legislation.