On July 31, 2019 and August 2, 2019, Delaware and New Hampshire became the latest states to implement data security laws regulating the insurance industry.
Both laws include a 72-hour data breach notification deadline and a requirement that most insurance licensees have “a written information security program in which administrative, technical, and physical safeguards are implemented based on the results of a risk assessment.”