Displaying articles tagged with: data | Clear Filter

ODI Issues Guidance for Mandatory Reporting of Insurance-Related Data Breaches

Ohio became the third state to enact insurance-specific legislation pertaining to data security on March 20. While most of the bill’s requirements have staggered implementation dates, there is a portion that took effect in March.

If you believe your agency may have had a cybersecurity event occur that involved nonpublic information either in your system or in a system maintained by a third-party vendor, you are now required to take certain steps to address it.

The Ohio Department of Insurance (ODI) recently released several items to provide guidance to insurance agents and companies if a breach is thought to have occurred.
 

NEW INVESTIGATION AND BREACH REQUIREMENTS

Under Senate Bill 273, all agencies, regardless of size, are now required to comply with requirements to conduct a prompt investigation should they learn that a cybersecurity event that involves nonpublic information has or may have occurred either in their system or that of a third party vendor.

"Nonpublic information" means information that is not publicly available information and is one of the following:

(1) Business-related information of a licensee the tampering with, unauthorized disclosure of, access to, or use of which, would cause a material adverse impact to the business, operation, or security of the licensee;

(2) Information concerning a consumer that because of the name, number, personal mark, or other identifier contained in the information can be used to identify that consumer in combination with any one or more of the following data elements:

  • Social Security number;

  • Driver's license, commercial driver's license, or state identification card number;

  • Account, credit card, or debit card number;

  • Any security code, access code, or password that would permit access to the consumer's financial account;

  • Biometric records.

(3) Any information or data, except age or gender, that is in any form or medium created by or derived from a health care provider or a consumer, that can be used to identify a particular consumer, and that relates to any of the following:

  • The past, present, or future physical, mental, or behavioral health or condition of the consumer or a member of the consumer's family; 

  • The provision of health care to the consumer;

  • Payment for the provision of health care to the consumer.

In addition, in certain instances, notification of a breach may be required to ODI within three business days. In the case of an agent discovering a cybersecurity event in a system maintained by a third-party service provider, any notification deadline would begin on the day after the third-party service provider notifies the agent of the cybersecurity event or the agent otherwise has actual knowledge of the cybersecurity event, whichever is sooner.

Where to find guidance

Several resources to help agencies comply with this requirement have been added to the newly-created Information Security Resource Center on ODI’s website. The resources that can be found to assist agents and companies include:

Please contact OIA and your cyber insurance carrier immediately if you think you may have had a cybersecurity event, so that we can help you understand any obligations you may have to report the event to ODI or to consumers.

Other Requirements of Ohio’s New Insurance-Specific Cybersecurity Law

OIA was able to make several improvements to Ohio’s cyber bill for agents, beyond what exists in the national model legislation and cyber bills that have passed in other states.

Notably, the majority of Ohio agencies will have a large burden alleviated as they will be exempt from a requirement to develop a comprehensive written cyber plan and exercise due diligence in selecting third-party service providers.

This is a big win, as the national model legislation sets the exemption at agencies with fewer than ten employees, including independent contractors.

Additionally, Ohio’s cyber law has language added that states that the superintendent of insurance shall consider the nature, scale and complexity of licensees (i.e. insurers and agencies) in administering the cyber law and adopting any rules necessary to implement the law.

This means consideration will be given to the ability of agencies to comply with the complexity of the law, and that any further rules developed should be “right-sized.”

WRITTEN CYBER PLAN AND THIRD-PARTY SERVICE PROVIDER DUE DILIGENCE REQUIREMENTS

Agencies are exempt from the requirement to develop and maintain a comprehensive written cybersecurity plan and exercise due diligence requirements over third-party service providers if they meet any of the following criteria:

(1) Have fewer than twenty employees.
(2) Have less than five million dollars in gross annual revenue.
(3) Have less than ten million dollars in assets, measured at the end of the agency’s fiscal year.

Agencies not exempt from these requirements have plenty of time to get ready to comply, as the requirements for a written cybersecurity plan are delayed for one year following the effective date of the bill (March 20, 2020), and the due diligence requirements for third- party service providers have a two-year delay (March 20, 2021).

WHAT YOU NEED TO DO RIGHT NOW

At this time, there is nothing you need to do (that is unless you think you may have had a data breach). Stay tuned -- OIA will continue to keep you informed on these new cyber requirements as more information becomes available to help comply with the various provisions of the bill.

RELATED RESOURCES:

Big ‘I’ Cyber Resources

NEED CYBER INSURANCE?

We can help! Click below to learn more about OIA's cyber coverage options!

LEARN MORE


Knowledge is Power

It may be cliche, but in business it’s the truth. Independent agents need to know what the landscape looks like to stay competitive and keep bringing in new talent. Through IntellAgents, you have exclusive access to data, including salary and benefits information, that can help you make informed business decisions.

We know there are several other organizations that provide national compensation studies, and we also know that those studies do not provide our average agents with information that they can put to use. The unique nature of our insurance marketplace causes those studies to be largely irrelevant when it comes to compensation and productivity.

On a weekly basis, OIA receives calls and questions from members regarding retaining and recruiting talent, and many of those questions relate directly to the compensation and benefits needed to attract quality employees. These types of questions drove us to focus on creating insights that are relevant to our marketplace regarding benefits and compensation.

Considering how competitive the insurance job market is these days, when you identify a potential employee, how much do you need to pay them to compete with other agencies? What benefits are other agencies offering, and how do yours compare? That’s information you can use and our goal is to help you get it.

On January 22nd , we launched our second annual compensation and benefits survey to gather Ohio-specific independent agent data. This is the first step toward being able to supply our members with data they can use. The response so far has been positive, but we need more agencies to participate to make sure we have a relevant data set. We need at least 20 percent participation; once we meet that benchmark, we will be able to tell you what the average compensation and benefits are in your region of the state. We know that there’s no sense in comparing pay in Franklin County to Marion County or any other area of the state. That’s why we need your participation to help us reach our goal and provide relevant information that you can rely on and put to use within your agency.

The survey asks for very specific data such as age and salary of your employees. All responses are kept strictly confidential and are only reported in the aggregate. No one will be able to identify your agency or a specific employee in your agency.

Don’t be left in the dark when trying to attract talent. 

Just for participating in the IntellAgents compensation and benefits survey, we will give you the results, a $150 value, for free. Depending on the size of your agency, the survey will take you between 15 and 30 minutes. We know how busy you are, but what is 30 minutes of your time worth to get information you can’t get anywhere else?

Two things to know before you start: You’ll need your agency’s National Producer Number (NPN) and your individual NPN to answer two questions. You can find both on the National Insurance Producer Registry.

Click here to begin survey!


About IntellAgents, LLC

IntellAgents, LLC is a first-of-its-kind, analytics-driven organization that specializes in actionable insights for independent agents. Founded in 2018 by Ohio Insurance Agents Association, it is the fastest-growing independent insurance data warehouse in the country. IntellAgents products and services are available in Ohio, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, North Carolina, and Pennsylvania. Availability in other states will continue to expand throughout 2019.

To find out more about IntellAgents check out intellagents.io


Ohio Insurance Agents Association establishes data analytics company

GAHANNA, OH – Ohio Insurance Agents Association, Inc. (OIA) creates IntellAgents, LLC, a first-of-its-kind, analytics-driven organization that specializes in actionable insights for independent agents.

IntellAgents, LLC was formed to help independent agents across the country leverage big data in order to make better business decisions for their agencies. Through partnerships with other state-based independent agents’ associations, IntellAgents will have access to thousands of isolated data points across independent insurance agencies and be able to turn them into business intelligence.

"The independent agency system has been overlooked and underutilized in a world driven by data analytics. That ends today. Through this collaborative effort, independent agents will have access to advanced data analytics resources and business intelligence to propel their businesses into the future," states Jeff Smith, CEO of OIA. "Ultimately, these efforts will allow independent agents nationwide to improve the experience and guidance they provide to consumers."

"We have built the largest warehouse of independent agent data in the country to help agents grow, make informed business decisions and compete in the ever-changing insurance marketplace. The benchmarks and insights that we can provide to agents are more relevant than the national benchmarks that are available today. Utilizing the data in a specific marketplace is much more meaningful to our agents and will allow them to make informed business decisions about the growth and future of their agencies," states Carey Wallace, CEO of IntellAgents.

To date, Ohio Insurance Agents Association is joined by six additional investors, including the Florida Association of Insurance Agents, Independent Insurance Agents of Illinois, Massachusetts Association of Insurance Agents, Michigan Association of Insurance Agents, Insurance Agents & Brokers of Pennsylvania, Maryland and Delaware, and Independent Insurance Agents of North Carolina, to lead the effort in bringing data analytics insights to independent agents.

IntellAgents products and services will be in the investor states, as well as several other “subscriber” states, in 2019. Availability will continue to expand rapidly throughout 2020.   

"We are excited to partner with our colleagues on this initiative that will provide our members the data-driven strategic insights they need to excel in today’s increasingly competitive environment," said Nicholas A. Fyntrilakis, President and CEO of the Massachusetts Association of Insurance Agents. "As an association, we need to evolve and ensure we are providing value to our agents, and IntellAgents is key to that evolution."

"Bringing together agent-led organizations who all share the same mission, to help independent insurance agents grow and prosper, ensures that our agents’ success is always the focus of IntellAgents. Our state association organizations are perfectly positioned to maintain the trust and loyalty of thousands of independent insurance agents across the country. It is a natural fit with our collective mission to leverage independent agents’ data to provide meaningful insights and offer business consulting services to put those insights to use in agencies across the country," said Carey Wallace. 

"The insurance industry has long relied on data to both improve and be more efficient. Unfortunately, independent insurance agents haven’t had the resources to do the same," said Jason Ernest, President and CEO of Pennsylvania-based Insurance Agents & Brokers.

"That changes today. Through IntellAgents, we will be providing agents the data points they need to compete better. We are very excited about this partnership."


About IntellAgents, LLC

IntellAgents, LLC is a first-of-its-kind, analytics-driven organization that specializes in actionable insights for independent agents. Founded in 2018 by Ohio Insurance Agents Association, it is the fastest-growing independent insurance data warehouse in the country. IntellAgents products and services are available in Ohio, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, North Carolina, and Pennsylvania. Availability in other states will continue to expand throughout 2019.

About Ohio Insurance Agents Association

Ohio Insurance Agents Association (OIA) is the collective voice of 1,300 independent agencies that employ nearly 10,000 Ohioans. We promote, progress and protect the professional advice and guidance only independent insurance agents provide. OIA members write 82 percent of the commercial insurance policies and 44 percent of personal insurance policies in Ohio. OIA helps agents by providing agency valuation, succession planning, generational health, operational benchmarking reports, other business solutions and industry thought leadership.