Investor Presentation

Data Protection Requirements Affecting Insurance Industry before SCIDSA

| Requirement | HIPAA (1996) (PHI) | GLBA (1999) (PII) |
| --- | --- | --- |
| Third Party Service Providers, 16 CFR § 314.4(d) | Yes. HIPAA applies to business associates as well. | Select service providers that are able to maintain appropriate safeguards, contractually require service providers to maintain safeguards, and oversee service providers' handling of customer information. |
| Employee Training, 16 CFR § 314.4(b)(1) | Employees must be trained. | Yes. |
| Investigation, 16 CFR § 314.4(b)(3) | | |
| Notifications, Interagency Guidance issued by the FTC and Federal Financial Institutions Examination Council (FFIEC) | Yes. HHS also requires covered entities to notify individuals when their unsecured PHI has been breached. | Yes. OCC and FRB require financial institutions to notify the regulator, affected customers, etc., when there has been unauthorized access to sensitive information. |
| Designate employees to implement ISP, 16 CFR § 314.4(a) | Covered entities are required to assign responsibility to the ISP to appropriate individuals. | Yes. |