Ask PIA

Ask PIA is a members-only searchable database featuring hundreds of member questions answered by our highly-qualified technical specialists

Browse by topic

Cybersecurity

310412-00

Cyber security regulation—no agency management system

Am I required to comply with the cyber security regulation if my agency does not have an agency management system? The policies I write for carriers are done on the internet, and all the information is uploaded to the carrier’s database. There are no Social Security numbers or driver’s license numbers stored in my computer.

310420-00

Cyber security regulation—noncompliance penalty

What would the penalty be if an insurance agent or broker did not comply with the New York state cyber security regulation?

310421-00

Cyber security regulation—notices 

How should a covered entity submit cyber security event notices, compliance certifications, and exemption notices to the department?

310424-00

Cyber security regulation—multi-factor authentication

Are all third-party service providers required to implement multi-factor authentication and encryption when dealing with a covered entity?

310428-00

Cyber security regulation—shell corporations

I have a partner who also has an independent insurance agency. We created an insurance-licensed entity for company appointment purposes, as well as a formal means of joining us together. This entity is owned by the two of us. It has no employees, no computers, and does not transact business. Does our cyber security program (from either or both agencies) cover this?

310437-00

Cyber security regulation—limited exemption form required for employees?

Do my licensed employees, agents, and representatives need to submit their own individual “Notice of Exemption” forms?