On April 3, 2019, Senate Bill No. 2831 otherwise known as the Insurance Data Security Law (the "Cybersecurity Law") was signed into law by the Governor. The Cybersecurity Law became effective on July 1, 2019 and is codified in Sections 83-5-801 to 83-5-825.
The Cybersecurity Law defines the requirements applicable to a "licensee" and establishes standards for data security and standards for the investigation of and notification to the Commissioner of a cybersecurity event
Insurance Data Security Act becomes effective. This requires, among other things, that a licensee notify the Commissioner no later than three (3) business days after determining that a cybersecurity event involving nonpublic information has occurred when certain criteria are met.
Licensees must have implemented the requirements of Section 83-5-807 by this date. This section requires that licensees establish a comprehensive, written information security program by July 1, 2020. (See key exceptions to the Cybersecurity Law below)
Beginning on this date, each insurer domiciled in Mississippi must annually submit to the Commissioner a written statement certifying that the insurer is in compliance with the requirements set forth in Section 83-5-807.
Licensees must have implemented the requirements of Section 83-5-807(6) by this date. This section details additional requirements for licensees who contract with third-party service providers that maintain, process, store or otherwise is permitted access to nonpublic information through its provision of services to the licensee. (See key exceptions to the Cybersecurity Law below)
Exception Certification Form (Only Licensees who are Insurers and have an NAIC # are required to complete this form)
A licensee shall notify the Commissioner no later than three (3) business days after determining that a cybersecurity event involving nonpublic information has occurred.
To report a Cybersecurity Event via our website, please click on the following link: Report A Cybersecurity Event
Cybersecurity Notification Form (All Licensees pursuant to Section 83-5-811)
Information Security Program Certification Form (Domesitic Insurers only who do not meet exemption requirements pursuant to Section 83-5-817)
The Department will issue additional guidance regarding the implementation of this legislation below as it becomes available.
Questions concerning the Insurance Data Security Law or the reporting of a cybersecurity event can be sent to cyberreporting@mid.ms.gov