§ 8609. Exceptions.
§ 8609. Exceptions. (a) The following exceptions apply to this chapter: (1) A licensee with fewer than 15 employees is exempt from § 8604 of this chapter. (2) A licensee subject to the Health Insurance Portability and Accountability Act [P.L. 104-191, as amended] that has established and maintains an information security program under the statutes, […]
§ 8610. Penalties.
§ 8610. Penalties. If a licensee violates this chapter, the licensee may be subject to penalties under § 329 of this title. 82 Del. Laws, c. 176, § 1;
§ 8611. Regulations.
§ 8611. Regulations. The Commissioner may, in accordance with § 311 of this title, promulgate regulations necessary to carry out the provisions of this chapter. 82 Del. Laws, c. 176, § 1;
§ 8608. Confidentiality.
§ 8608. Confidentiality. (a) (1) Documents, materials, or other information in the Department’s control or possession that a licensee or employee or agent acting on behalf of a licensee furnished under § 8604(i) or § 8606(b)(2)b., (b)(2)c., (b)(c)d., (b)(2)e., (b)(2)h., (b)(2)j., or (b)(2)k. of this title, or that the Commissioner obtained in an examination or […]
§ 8601. Short title.
§ 8601. Short title. This chapter is known and may be cited as the “Insurance Data Security Act.” 82 Del. Laws, c. 176, § 1;
§ 8602. Purpose and intent.
§ 8602. Purpose and intent. (a) Notwithstanding any other provision of law, this chapter establishes the exclusive state standards for data security and the investigation of, and notification to, the Commissioner and consumers when a cybersecurity event involving a licensee under this title occurs. (b) This chapter may not be construed to create or imply […]
§ 8603. Definitions.
§ 8603. Definitions. As used in this chapter: (1) “Authorized individual” means an individual to whom a licensee gave authorization to access and use nonpublic information that the licensee and the licensee’s information system holds. (2) “Commissioner” means the Insurance Commissioner of the State of Delaware. (3) “Consumer” means an individual, including an applicant, policyholder, […]
§ 8604. Information security program [For application of this section, see 82 Del. Laws, c. 176, § 2].
§ 8604. Information security program [For application of this section, see 82 Del. Laws, c. 176, § 2]. (a) Implementation of an information security program. — (1) A licensee shall develop, implement, and maintain a comprehensive, written information security program that is based on the licensee’s risk assessment and contains administrative, technical, and physical safeguards […]
§ 8605. Investigation of a cybersecurity event.
§ 8605. Investigation of a cybersecurity event. (a) If a licensee learns that a cybersecurity event has or may have occurred, the licensee, or an outside vendor or service provider designated to act on behalf of the licensee, shall conduct a prompt investigation. (b) During an investigation under this section, the licensee, or an outside […]
§ 8606. Notification of a cybersecurity event.
§ 8606. Notification of a cybersecurity event. (a) Notification to the Commissioner. — A licensee shall notify the Commissioner as promptly as possible but in no event later than 3 business days from the licensee’s determination that a cybersecurity event has occurred if either of the following criteria has been met: (1) The licensee is […]