Ask PIA is a members-only searchable database featuring hundreds of
member questions answered by our highly-qualified technical specialists
If you have not registered for members-only sevices from PIA click here.
Search
Browse by topic
Cybersecurity
310411-00
Cyber security regulation—risk assessment
Is there a specific qualification for the risk assessor? In other words, can the owner/principal of the agency or an agency employee perform the......
310412-00
Cyber security regulation—no agency management system
Am I required to comply with the cyber security regulation if my agency does not have an agency management system? The policies I write for......
310415-00
Cyber security regulation—who is subject?
Who is subject to the cyber security regulation?...
310416-00
Cyber security regulation—limited exemption
What is the limited exemption?...
310417-00
Cyber security regulation—compliance with limited exemption
If I qualify for the limited exemption, what do I need to do?...
310419-00
Cyber security regulation—where to start
To comply with the cyber security regulation, where should I start?...
310420-00
Cyber security regulation—noncompliance penalty
What would the penalty be if an insurance agent or broker did not comply with the New York cyber security regulation?...
310421-00
Cyber security regulation—notices
How should a covered entity submit cyber security event notices, compliance certifications and exemption notices to the department?...
310422-00
Cyber security regulation—covered entity
Can an entity be both a covered entity and a third-party service provider under New York’s 23 NYCRR Part 500 cyber security regulation?...
310424-00
Cyber security regulation—multi-factor authentication
Are all third-party service providers required to implement multi-factor authentication and encryption when dealing with a covered entity?...
310428-00
Cyber security regulation—shell corporations
I have a partner who also has an independent insurance agency. We created an insurance-licensed entity for company appointment purposes, as well......
310429-00
Cyber security regulation—third-party service providers
What are “third-party service providers”?...
310430-00
Cyber security regulation—definitions
What is a “cyber security event”? What is a "cyber security incident? What is “non-public information”?...
310434-00
Cyber security regulation—reportable events
When is an unsuccessful cyber security attack a reportable event?...
310435-00
Cyber security regulation—encryption
Do the New York cyber security regulations require me to encrypt my email and policyholder data?...
310436-00
Cyber security regulation—submitting limited exemption
What are the steps to submit my New York cyber security limited exemption online? What if I need to amend an exemption or no longer qualify for......
310437-00
Cyber security regulation—limited exemption form required for employees?
Do my licensed employees, agents, and representatives need to submit their own individual “Notice of Exemption” forms?...
310463-00
Cyber security regulation—what am I exempt from?
I filed the exemption, but I can’t find anywhere what we are exempted from. What is the point of filing the exemption notice when doing......
310474-00
Cyber security regulation—retired licensee
I’m retired and no longer using my insurance license. I don’t use a computer or information system, nor do I retain any......
310481-00
If I am a 1099 independent contractor, do I need to comply with New York’s cyber security regulation?
If I am a 1099 independent contractor, do I need to comply with New York’s cyber security regulation?...
310482-00
Notification of data breach
I think that my computer information system was breached by a hacker. Am I required to notify my clients?...
310509-00
Cyber security regulation—inactive licensee
I’m licensed but do not actively use my license. What do I need to do? Am I exempt?...
310515-00
Cyber security regulation—access privileges and management
What are the responsibilities of an agency to limited user access to non-public information under 23 NYCRR 500? ...
900429-00
General Data Protection Regulation compliance
I have heard that the European Union passed a cyber security regulation. Does it impact producers in the U.S.? If so, how do we comply with it?...