3 Important Facts to Take Away From the New Data Security Law

Hand about to bang gavel on sounding block in the court roomBy Lecio De Paula, Jr., Director of Data Privacy, KnowBe4. New Hampshire joins Ohio, South Carolina, and Michigan in enacting a new data security law directed at insurers modeled after the National Association of Insurance Commissioners (NAIC) Model Law of National Association of Insurance Commissioners. The Bill will take effect January 1, 2020.

What are the important facts to take away from this new law?

  1. Create a Written Information Security Program: Licensees are now required to create a comprehensive information security program based on the size and complexity of the licensee. Licensees will have to take into account their third-party service providers, sensitivity of the data, and the nature of the licensees’ activities.
  2. Incident Response Plan: Each licensee is required to establish an incident response plan designed to respond to and recover from any cybersecurity event that compromises company non public information (such as a successful phishing attack).
  3. Board of Directors: The licensee board or appropriate committee of the board are mandated to ensure that executive management develops or delegates the development of the licensee’s written information security program.

The New Hampshire State insurance commissioner has the right to take action to enforce the new law, and violations can result in the suspension or revocation of a licensee’s certificate of authority or license. There is also a monetary penalty of up to US $2500 per violation. Despite current legislation being directed at specific industries, we can see by other laws such as the California Consumer Protection Act (CCPA) that legislation is moving towards broad, personal data protection laws.

As part of creating a written information security security program, licensees are mandated to conduct risk assessments. After conducting a risk assessment, licensees are required to provide their personnel with new-school security awareness training to reflect the risks identified in the risk assessment. It seems that states are catching on to the fact that the best way to protect company information is to empower their users and create a human firewall.

The world's largest library of security awareness training content is now just a click away!

You can now get access to our ModStore Preview Portal to see our full library of security awareness content; including 900+ interactive modules, videos, games, posters and newsletters. You can browse, search by title, category, language or content topics.


The ModStore Preview Includes:

checkmark Interactive training modules
checkmark Compliance modules
checkmark Videos
checkmark Trivia Games
checkmark Posters and Artwork
checkmark Newsletters and more!

Start Your Preview

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:



Subscribe To Our Blog

Ransomware Has Gone Nuclear Webinar

Get the latest about social engineering

Subscribe to CyberheistNews