Jul 9, 2019
Cyber security legislation passes Senate and House
Both the New Hampshire Senate and House of Representatives adopted the conference committee amendments to the cyber security legislation (S.B.194). The legislation—based on the National Association of Insurance Commissioners’ model data security legislation—specifies what measures must be taken should nonpublic information, which is held by a licensed agent, be accessed by unauthorized users.
For licensees with 20 or more employees, a data security program must be developed to best protect nonpublic information. These programs do not need to be certified by the state, but insurers do need to file them with the New Hampshire Insurance Department annually.
The legislation does not require licensees with fewer than 20 employees to develop a cyber security program. However if licensees, with fewer than 20 employees, have cyber-event occurrences, they must still comply with the legislation’s notice requirements.
Legislators included language so that compliance with New York’s cyber security regulation is sufficient to comply with the New Hampshire legislative requirements.
The bill now will go to Gov. Chris Sununu for his consideration.