Spot On Insurance

Subscribe Now

Ep. 73: NY Cybersecurity Compliance Requirements

, ,

Shownotes

Howard W. Greene is the Director of Strategic Initiatives at Excess Line Association of New York (ELANY), a non-profit industry advisory association. Theodore P. Augustinos is a Managing Partner at Locke Lord LLP, a full-service law firm that is recognized for its solid reputation in complex litigation, regulatory, and transactional work. David Burgeson is the Chief Operating Officer at Renaissance Systems Inc., a nationwide provider of compliance-based IT services, programming, big data analytics, and security solutions.

This episode is brought to you by:

Insurance Licensing Services of America (ILSA), America’s premier regulatory compliance experts. To learn more visit ILSAinc.com.

Howard, Theodore, and David join us to discuss the topic of cybersecurity in the insurance industry. They share their wisdom regarding compliance, regulations, and how a company should respond to a cybersecurity threat and describe how their companies guarantee the data security of third-party apps. They also explain how they dispose of data properly and share tips on how to strengthen a company’s cybersecurity in accordance with the new regulations.

“Most of the data breaches aren’t from the third world, but internally.”

David Burgeson

What you’ll learn:

  • Where the insurance industry currently stands on cybersecurity regulations?
  • Who are the covered entities under the regulations?
  • What is Section 500.06 all about and what does it require.
  • How brokers detect and respond to cybersecurity events.
  • How long companies should retain records.
  • How companies can test the security of third-party apps.
  • How often companies should review their testing procedures.
  • What counts as secured disposal of data?
  • The type of data you can’t dispose of easily.
  • The kind of policies and procedures brokers can reasonably implement.
  • Why encryption is a non-option for data security.
  • Their advice to those wanting to enter the insurance industry.

Key Takeaways:

  • Make security and compliance a part of the culture and operations of your organization.
  • You need to have some level of control that would reveal whether employees or other unauthorized users may be improperly accessing, using, or tampering with data.
  • As you’re deploying new technologies, it’s important to design data mapping and disposal for your facilities.
  • You need to have procedures for evaluating, assessing, or testing the security of apps.

Connect with Our Guests:

Howard Greene

Theodore Augustinos

David Burgeson