Ep. 73: NY Cybersecurity Compliance Requirements

by | Aug 14, 2018

Howard W. Greene is the Director of Strategic Initiatives at Excess Line Association of New York (ELANY), a non-profit industry advisory association. Theodore P. Augustinos is a Managing Partner at Locke Lord LLP, a full-service law firm that is recognized for its solid reputation in complex litigation, regulatory, and transactional work. David Burgeson is the Chief Operating Officer at Renaissance Systems Inc., a nationwide provider of compliance-based IT services, programming, big data analytics, and security solutions.

Howard, Theodore, and David join us to discuss the topic of cybersecurity in the insurance industry. They share their wisdom regarding compliance, regulations, and how a company should respond to a cybersecurity threat and describe how their companies guarantee data security of third-party apps. They also explain how they dispose of data properly and share tips on how to strengthen a company’s cybersecurity in accordance with the new regulations.

“Most of the data breaches aren't from the third world, but internally.” - David Burgeson

What you'll learn:

  • Where the insurance industry currently stands on cybersecurity regulations?
  • Who are the covered entities under the regulations?
  • What is Section 500.06 all about and what it requires.
  • How brokers detect and respond to cybersecurity events.
  • How long companies should retain records.
  • How companies can test the security of third-party apps.
  • How often companies should review their testing procedures.
  • What counts as secured disposal of data?
  • The type of data you can't dispose of easily.
  • The kind of policies and procedures brokers can reasonably implement.
  • Why encryption is a non-option for data security.
  • Their advice to those wanting to enter the insurance industry.

Connect with our guests

Connect with Howard Greene:

Connect with Theodore Augustinos:

Connect with David Burgeson:

Key Takeaways:

  • Make security and compliance a part of the culture and operations of your organization.
  • You need to have some level of control that would reveal whether employees or other unauthorized users may be improperly accessing, using, or tampering with data.
  • As you’re deploying new technologies, it's important to design data mapping and disposal for your facilities.
  • You need to have procedures for evaluating, assessing, or testing the security of apps.

This episode was brought to you by

Insurance Licensing Services of America (ILSA), America’s premier regulatory compliance experts. To learn more visit ILSAinc.com.


Related Episodes:

Subscribe Today!

Click your favorite podcast platform