Bill > HB739

This bill: - Adds a new chapter to Title 40 (Insurance) of the Pennsylvania Consolidated Statutes, providing requirements for insurance data security, including requiring insurers and other licensees to conduct risk assessments, develop information security programs, maintain corporate oversight, and oversee third-party service provider arrangements. - Repeals provisions relating to a "small company exemption" from certain reserve liability requirements and instead provides for the commissioner to adopt exemption standards specified in the NAIC Valuation Manual. - Imposes penalties for violations of the new insurance data security requirements, including suspension or revocation of licenses and monetary fines. The bill is intended to strengthen data security practices in the insurance industry in Pennsylvania, bringing the state's requirements in line with national standards set by the National Association of Insurance Commissioners (NAIC). It provides a framework for insurers and other licensees to assess and mitigate cyber risks, while also requiring notification to the state insurance commissioner of any significant cybersecurity events.

Budget and Finance, Business and Industry

https://www.legis.state.pa.us/cfdocs/billinfo/bill_history.cfm?syear=2023&sind=0&body=H&type=B&bn=739