The Rhode Island Insurance Division published a bulletin providing an overview of the state’s insurance data security statute to help insurers with compliance. R.I. General Laws § 27-1-46, effective January 1, 2025, sets forth the standards for insurers to have an adequate information security system.
R.I. General Laws § 27-1-46 applies only to domestic insurers; foreign insurers are not required to comply with the statute. The Department clarifies the use of “commensurate with the size and complexity of an insurer” to mean that larger and more complex insurers should have a more robust information security system compared to a small insurer.
Insurers should carefully select third-party service providers and make sure they have implemented measures to protect nonpublic information. Insurers must notify the Department if there has been a cybersecurity event that has a reasonable likelihood of harming insureds in the state. A formal notification is only necessary if over 50 insureds have been harmed.
This premium content is locked for FC&S Coverage Interpretation Subscribers
Enjoy unlimited access to the trusted solution for successful interpretation and analyses of complex insurance policies.
- Quality content from industry experts with over 60 years insurance experience, combined
- Customizable alerts of changes in relevant policies and trends
- Search and navigate Q&As to find answers to your specific questions
- Filter by article, discussion, analysis and more to find the exact information you’re looking for
- Continually updated to bring you the latest reports, trending topics, and coverage analysis
Already have an account? Sign In Now
For enterprise-wide or corporate access, please contact our Sales Department at 1-800-543-0874 or email [email protected]