Big data equals big trouble, or at least it can. In a world where practically every business collects customer data, there is the potential of data being stolen and used to harm or embarrass people who have done nothing more nefarious than, say, purchase insurance.
You probably already take customer data, and the need to protect it, seriously. If you are doing business in Connecticut, Maine, New Hampshire, Ohio, Rhode Island or Vermont you need to understand the laws specifically dealing with data breaches of insurance businesses in those states.
In Connecticut, look for Connecticut Insurance Department Bulletin IC-25, which addresses the specific requirements affecting insurance businesses. Among other things, companies must notify the department of any breaches as soon as possible, but no later than five days after discovery of the breach.
In Maine, look for Bureau of Insurance Bulletin 345, which also requires timely notification of the Bureau.
In New Hampshire, the department has not issued a bulletin, but does require immediate notification of the department.
In Ohio, the department requires notification within 15 days of discovering a breach affecting more than 250 residents.
In Rhode Island, look for Insurance Regulation 107, which requires “expedient” notification.
In Vermont, look for Bulletin 1, which requires notification within 14 days of discovery.
