The “Insurance Data Security Law” went into effect on July 1, 2019. Not familiar with this new law? It establishes the exclusive state standards applicable to any person licensed, authorized to operate, or registered, or required to be licensed, authorized or registered pursuant to the insurance laws of Mississippi (each, a “Licensee“) for data security. Licensees are required to develop, implement, and maintain a comprehensive written information security program based on the Licensee’s risk assessment and that contains administrative, technical and physical safeguards for the protection of nonpublic information and the Licensee’s information system. If the Licensee learns that a cybersecurity event has or may have occurred, then the Licensee, or an outside vendor and/or service provider designated to act on behalf of the Licensee shall conduct a prompt investigation. Each Licensee is required to notify the commissioner as promptly as possible but in no event later than three (3) business days from a determination that a cybersecurity event involving nonpublic information has occurred.
To learn more about the bill: http://billstatus.ls.state.ms.us/2019/pdf/history/SB/SB2831.xml