The State of Illinois has enacted Public Act 103-0142, otherwise known as the Illinois Insurance Data Security Law, effective January 1, 2024. Under the new law, all Illinois Department of Insurance licensees are required to comply with prescribed cybersecurity requirements related to:
- Maintenance of an Information Security Program;
- Investigation of Cybersecurity Events;
- Notification of Cybersecurity Events;
Under the Illinois Insurance Data Security Law, which contains some limited exceptions, all licensees are required to implement a compliant cybersecurity program. Exceptions from the law are available for licensees with fewer than 50 employees, or for licensees with are subject to certain federal privacy and security rules including HIPAA.
Additionally, all insurance carriers domiciled in Illinois must file a form certifying compliance with the program no later than April 15, 2025.
For questions regarding the maintenance of information security programs, cybersecurity event requirements, or filings with the Illinois Department of Insurance, please contact Westmont Associates.