Thank You!

Join our community for free to access exclusive whitepapers, reports, and regulatory information.

By signing up you agree to OneTrust DataGuidance's Terms and Conditions and Privacy Policy.

Already have an account? Log in

Upgrade to a premium account to save this to your customizable Workspace

Save and organize information most relevant to you Share your research and collaborate with other DataGuidance users Get alerts based on your topics of interest

Already have an account? Log In

01 June 2021

Iowa: Bill on standards for data security signed into law

The Iowa Governor, Kim Reynolds signed, on 30 April 2021, the House File No. 719 on the Insurance Data Security Act, into law. In particular, the Act sets standards for data security, investigations, and notifications of cybersecurity events, and penalties for certain licensees under the jurisdiction of the Commissioner of Insurance.

Moreover, the Act requires the covered licensees, among other things, to:

conduct periodic specified risk assessments;
develop, implement, and maintain a comprehensive written information security program that sets particular objectives and considers specified safeguards;
create a cybersecurity incident response plan;
designate one or more employees, an affiliate, or a third party as responsible for their information security program;
annually submit, by 15 April, a written compliance certification to the Commissioner of Insurance; and
document investigations and keep records for a minimum of five years.

Lastly, the Act will take effect on 1 January 2022. However, covered licensees have until 1 January 2023 to comply with most of the information security program requirements, and 1 January 2024 to meet third-party service provider obligations.

You can read the Act here and view its history here.