The bill amends Section 27-13.1-3 of the General Laws to make the language gender-neutral and grants the director or the director's examiners the authority to conduct examinations of any company as often as necessary, with a minimum requirement of once every five years. The director's discretion in scheduling examinations will be based on various factors, including financial analyses and management changes, and may accept examination reports from other states under certain conditions. Additionally, the bill introduces a new section, 27-1-46, which requires each domestic insurance company to develop, implement, and maintain a comprehensive written information security program to protect nonpublic information and the insurer's information system. The program must include administrative, technical, and physical safeguards and be based on the insurer's risk assessment. The bill defines relevant terms and outlines the objectives and requirements for the information security program, including the protection of nonpublic information, the information system, and the minimization of harm to consumers.
The bill also mandates insurers to evaluate the adequacy of their policies, procedures, and systems in various operational areas, implement safeguards to manage identified threats, and annually assess the effectiveness of these safeguards. Insurers must design their information security programs to mitigate risks, considering the size and complexity of their operations, the use of third-party service providers, and the sensitivity of nonpublic information they handle. The bill specifies a range of security measures insurers must consider and emphasizes the importance of oversight and accountability in managing cybersecurity risks within the insurance industry. Furthermore, the bill requires insurers to establish a written incident response plan to handle cybersecurity events, regularly monitor and adjust their security programs, and annually certify compliance with these requirements to the commissioner. There are no deletions from current law mentioned in the summary provided.
Statutes affected: 2802 SUB A: 27-13.1-3
2802: 27-13.1-3