Fisher Phillips writes:
As cybersecurity threats escalate, state legislatures across the country are tightening requirements for how insurance entities respond to data breaches – and thanks to a new law just passed several weeks ago, Missouri is getting in on the action. On July 2, Missouri’s Governor approved House Bill 974, “The Insurance Data Security Act,” which will establish standards for insurers and licensed entities regarding data security, breach investigations, and notification protocols when it takes effect on January 1, 2026. What are the 10 things insurers and licensed entities need to know about this law, and where does it fit into the national picture?
Here is just one of the 10 things in their article:
9. Notification Requirements
Licensees must notify the Insurance Director within four business days when a cybersecurity event involving nonpublic information has occurred when either:
- Missouri is the licensee’s state of domicile or an insurer’s home state, and the cybersecurity event has a reasonable likelihood of materially harming a Missouri resident or a reasonable likelihood of materially harming normal business operations; OR
- The licensee reasonably believes that 250+ Missouri consumers’ nonpublic information is involved and
- Requires reporting to any other state or federal law regulatory, or
- Has a reasonable likelihood of harming a Missouri consumer or business operations.
Read more at JDSupra.
