Iowa Code
Chapter 507F - INSURANCE DATA SECURITY
Section 507F.10 - Cybersecurity event reinsurers.

507F.10 Cybersecurity event reinsurers.
1. If a cybersecurity event involves nonpublic information used by, or that is in the possession, custody, or control of, a licensee that is acting as an assuming insurer and that does not have a direct contractual relationship with consumers affected by the cybersecurity event, the assuming insurer shall notify each of the assuming insurer’s affected ceding insurers and the commissioner of the assuming insurer’s state of domicile within three business days of determining that a cybersecurity event has occurred. A ceding insurer that has a direct contractual relationship with a consumer affected by the cybersecurity event shall comply with the applicable provisions of section 715C.2, and all other applicable notification requirements pursuant to federal or state law.
2. If a cybersecurity event involves nonpublic information that is in the possession, custody, or control of a third-party service provider of a licensee that is acting as an assuming insurer, the assuming insurer shall notify each of the assuming insurer’s affected ceding insurers and the commissioner of the assuming insurer’s state of domicile within three business days of the date the assuming insurer receives notice from the assuming insurer’s third-party service provider that a cybersecurity event involving nonpublic information has occurred. A ceding insurer that has a direct contractual relationship with a consumer affected by the cybersecurity event shall comply with the applicable provisions of section 715C.2, and all other applicable notification requirements pursuant to federal or state law.
3. Notwithstanding any law to the contrary, a licensee acting as an assuming insurer shall have no other notice obligations related to a cybersecurity event or other data breach than the notice requirements pursuant to subsections 1 and 2.
2021 Acts, ch 79, §10, 17
Section effective January 1, 2022; 2021 Acts, ch 79, §17
NEW section

<< Previous
Next >>

Structure Iowa Code

Iowa Code

Title XIII - COMMERCE

Chapter 507F - INSURANCE DATA SECURITY

Section 507F.1 - Title.

Section 507F.2 - Purpose and scope.

Section 507F.3 - Definitions.

Section 507F.4 - Information security program.

Section 507F.5 - Third-party service provider arrangements.

Section 507F.6 - Cybersecurity event — investigation.

Section 507F.7 - Cybersecurity event — notification and report to the commissioner.

Section 507F.8 - Cybersecurity event — notification to consumers.

Section 507F.9 - Cybersecurity event — third-party service providers.

Section 507F.10 - Cybersecurity event reinsurers.

Section 507F.11 - Cybersecurity event — producers of record.

Section 507F.12 - Confidentiality.

Section 507F.13 - Applicability.

Section 507F.14 - Penalties.

Section 507F.15 - Rules and enforcement.

Section 507F.16 - Severability.