Last Action | 04/08/22: signed by Governor (Acts Ch. 149) |
---|---|
Title | AN ACT relating to insurance data security. |
Bill Documents |
Acts Chapter 149
Current/Final Introduced |
Bill Request Number | 1028 |
Sponsor | M. Pollock |
Summary of Original Version | Create new sections of Subtitle 3 of KRS Chapter 304 to establish definitions; require licensees to conduct risk assessments; require licensees to develop an information security program, including an incident response plan; require licensees to investigate cybersecurity events and potential cybersecurity events; establish recordkeeping requirements relating to cybersecurity events; establish reporting requirements relating to cybersecurity events; require licensees to comply with KRS 365.732; provide exceptions for certain provisions; authorize the commissioner to examine and investigate licensees for potential violations and take action necessary to enforce relevant provisions; establish how and under what circumstances documents, materials, or other information may be used or disclosed; prohibit the commissioner or other persons acting on under the authority of the commissioner from testifying in a private civil action concerning confidential documents, materials, or other information; provide that a licensee may be penalized for violations in accordance with KRS 304.99-020; authorize the commissioner to promulgate administrative regulations pursuant to KRS 304.2-110; provide for severability; establish a timeframe for implementation of certain provisions; EFFECTIVE January 1, 2023. |
Index Headings of Original Version |
Effective Dates, Delayed - Insurance, data security, requirements, January 1, 2023 Insurance - Data security, requirements Information Technology - Insurance, data security, requirements |
Jump to Proposed Amendments | Senate Committee Substitute 1 |
Votes | Vote History |
02/10/22 |
|
---|---|
02/15/22 |
|
02/16/22 |
|
02/17/22 |
|
02/22/22 |
|
02/23/22 |
|
03/03/22 |
|
03/15/22 |
|
03/16/22 |
|
03/17/22 |
|
03/23/22 |
|
03/24/22 |
|
03/25/22 |
|
03/29/22 |
|
03/30/22 |
|
04/08/22 |
|
Amendment | Senate Committee Substitute 1 |
---|---|
Summary | Retain original provisions except replace certain requirements for a licensee's board of directors with requirements for executive management; modify circumstances under which licensees are deemed to comply with the data security requirements; provide that financial institution licensees are deemed to comply with the data security requirements under certain circumstances; make technical amendments, effective January 1, 2023. |
Index Headings |
Effective Dates, Delayed - Insurance, data security, requirements, January 1, 2023 Insurance - Data security, requirements Information Technology - Insurance, data security, requirements Banks and Financial Institutions - Insurance, data security, requirements |
Last updated: 2/8/2023 2:57 PM (EST)