The following blog excerpt on “New York State launches investigation of top insurance companies’ cybersecurity practices. Who’s next?” was written by the external legal counsel of the CSA, Ms. Francoise Gilbert of the IT Law Group. We repost it here with her permission. It can be viewed in its original form at: http://www.francoisegilbert.com/2013/06/new-york-state-launches-investigation-of-cybersecurity-practices-of-top-insurance-companies-whos-next/
The State of New York has launched an inquiry into the steps taken by the largest insurance companies to keep their customers and companies safe from cyber threats. This is the second inquiry of this kind. Earlier this year, a similar investigation targeted the cyber security practices of New York based financial institutions.
On May 28, 2013, the New York Department of Financial Services (DFS) issued letters pursuant to Section 308 of the New York Insurance Law (“308 Letters”) to 31 of the country’s largest insurance companies, requesting information on the policies and procedures they have in place to protect health, personal and financial records in their custody against cyber attacks.