507F.11 Cybersecurity event — producers of record.
If a cybersecurity event involves nonpublic information that is in the possession, custody, or control of a licensee that is an insurer, or in the possession, custody, or control of the insurer’s third-party service provider, and for which a consumer accessed the insurer’s services through an independent insurance producer, the insurer shall notify the insurance producer of record of each consumer affected by the cybersecurity event no later than the date on which notice is provided to affected consumers pursuant to section 507F.7. An insurer shall not be required to notify an insurance producer that is not authorized by law or contract to sell, solicit, or negotiate on behalf of the insurer, or in a circumstance in which the insurer does not have current contact information for the producer of record for a specific affected consumer.
2021 Acts, ch 79, §11, 17
Section effective January 1, 2022; 2021 Acts, ch 79, §17
NEW section
Structure Iowa Code
Chapter 507F - INSURANCE DATA SECURITY
Section 507F.2 - Purpose and scope.
Section 507F.4 - Information security program.
Section 507F.5 - Third-party service provider arrangements.
Section 507F.6 - Cybersecurity event — investigation.
Section 507F.7 - Cybersecurity event — notification and report to the commissioner.
Section 507F.8 - Cybersecurity event — notification to consumers.
Section 507F.9 - Cybersecurity event — third-party service providers.
Section 507F.10 - Cybersecurity event reinsurers.
Section 507F.11 - Cybersecurity event — producers of record.
Section 507F.12 - Confidentiality.
Section 507F.13 - Applicability.