member questions answered by our highly-qualified technical specialists.
If you have not registered for members-only sevices from PIA click here.
Browse by topic
Cybersecurity
Cybersecurity regulation—covered entity compliance deadline
Is a covered entity required to certify compliance with all the requirements of 23 NYCRR 500 cybersecurity regulation on Feb. 15, 2018?
Cybersecurity regulation—agency limited exemption compliance timeline and how to file
If I qualify for the limited exemption, when and how do I file the exemption form with the state?
Cyber security regulation—definitions
What is a “cyber security event”? What is “nonpublic information”?
Cyber security regulation—risk assessment
Is there a specific qualification for the risk assessor? In other words, can the owner/principal of the agency or an agency employee perform the risk assessment? Could it be our third-party informational technology professional? Does it have to be a third party? Is there a New York state-approved vendors list?
Cyber security regulation—who is subject?
Who is subject to the cyber security regulation?
Cyber security regulation—submitting limited exemption
What are the steps to submit my New York cyber security limited exemption online? What if I need to amend an exemption or no longer qualify for the exemption?
Cyber security regulation—reportable events
When is an unsuccessful cyber security attack a reportable event?
Cyber security regulation—notices
How should a covered entity submit cyber security event notices, compliance certifications and exemption notices to the department?
Cyber security regulation—noncompliance penalty
What would the penalty be if an insurance agent or broker did not comply with the New York cyber security regulation?
Cyber security regulation—third-party service providers
What are “third-party service providers”?
Cyber security regulation—covered entity
Can an entity be both a covered entity and a third-party service provider under New York’s 23 NYCRR Part 500 cyber security regulation?
Cyber security regulation—encryption
Do the New York cyber security regulations require me to encrypt my email and policyholder data?
Cyber security regulation—limited exemption form required for employees?
Do my licensed employees, agents and representatives need to submit their own individual “Notice of Exemption” forms?
Cyber security regulation—compliance with limited exemption
If I qualify for the limited exemption, what do I need to do?
Cyber security regulation—shell corporations
I have a partner who also has an independent insurance agency. We created an insurance-licensed entity for company appointment purposes, as well as a formal means of joining us together. This entity is owned by the two of us. It has no employees, no computers and does not transact business. Does our cyber security program (from either or both agencies) cover this?
Cyber security regulation—limited exemption
What is the limited exemption?
Cyber security regulation—multi-factor authentication
Are all third-party service providers required to implement multi-factor authentication and encryption when dealing with a covered entity?
Cybersecurity regulation—when do I need to comply?
By what date do I need to be in compliance with the New York state cybersecurity regulation?
If I am a 1099 independent contractor, do I need to comply with New York’s cyber security regulation?
If I am a 1099 independent contractor, do I need to comply with New York’s cyber security regulation?
Cybersecurity regulation—filing date for Certification of Compliance
I am completing the new requirements specified under the Limited Exemption requirements of 23 NYCRR 500. We filed our Limited Exemption form as required, and I assumed we had to file the compliance statement by Aug. 28, 2017, but upon re-reading the information we have, it appears we only need to file that form between Jan. 1, 2018, and Feb. 15, 2018 (and every year by Feb. 15). Do we actually wait to file this form, or are we supposed to file it now?
Cyber security regulation—where to start
To comply with the cyber security regulation, where should I start?
Cyber security regulation—no agency management system
Am I required to comply with the cyber security regulation if my agency does not have an agency management system? The policies I write for carriers are done on the internet, and all the information is uploaded to the carrier’s database. There are no Social Security numbers or driver’s license numbers stored in my computer.
General Data Protection Regulation compliance
I have heard that the European Union just passed a cybersecurity regulation. Does it impact producers in the U.S.? If so, how do we comply with it?
Cyber security regulation—what am I exempt from?
I filed the exemption, but I can’t find anywhere what we are exempted from. What is the point of filing the exemption notice when doing so doesn’t seem to exempt us from anything?
Cyber security regulation—key dates for compliance
What are the dates I need to know for New York’s cyber security compliance?
Cyber security regulation—retired licensee
I’m retired and no longer using my insurance license. I don’t use a computer or information system, nor do I retain any policyholder information. What do I need to do? Am I exempt?
Notification of data breach
I think that my computer information system was breached by a hacker. Am I required to notify my clients?
Cyber requirements for non-resident licensees
Are nonresident N.Y. licensees subject to the new cyber requirements?