New Ohio Cyber Law to Take Effect
A new Ohio measure takes effect on March 20, creating new cybersecurity requirements for insurance companies. The bill is based on the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. Ohio is the second state to adopt a similar legislation; North Carolina already has a version.
The legislation will require insurers to develop, implement, and maintain a comprehensive security program based on their risk assessment. It applies to all private individuals or non-government bodies required to be registered or licensed under Ohio's insurance laws. Insurers will need to reasonably identify internal and external threats that could lead to unauthorized access, disclosure, misuse, alteration, and the like — including those held by third-party vendors.