ILL INS Insurance Data Security Law


On Mar. 22, ILL INS issued a bulletin on cybersecurity requirements.


  • ILL INS issued Bulletin CB-2024-10 on compliance with the Insurance Data Security Law.
  • Follows ILL LEG 2023 Act 103-0142 creating the Law, effective Jan. 1, 2024, #178240.

Notification and Investigation

  • Bulletin notifies of new requirements under Act 103-0142 for all insurance companies.
  • If a company experiences a cybersecurity event, the company must notify ILL INS by email within 3 business days after determining that a cybersecurity event occurred.
  • The notification must meet all the data requirements of ILL INS 215-20 to the extent possible.
  • The impacted company has a continuing obligation to update ILL INS on material changes.
  • The event investigation must be done in accordance with ILL INS 215-15, in addition to all reporting requirements in the Illinois Personal Information Protection Act, ILL LEG 815-530.

Annual Certification of Compliance Filing

  • Insurers must submit an annual certification of compliance with Sec. 10 of the Law, ILL INS 215-10, by Apr. 15, 2025; firms seeking an exemption must request it by Apr. 15, 2024.

Regulators: ILL INS
Entity Types: Ins
Reference: Bul CB-2024-10, 3/22/2024; Pub Act 103-0142; Citation: ILL INS 215; ILL LEG 815
Functions: Compliance; Cyber; Operations; Reporting; Technology
Countries: United States of America
Category: State
Products: Insurance; Insurance-Casualty; Insurance-Health; Insurance-Life; Insurance-Property
Regions: Am
Rule Type: Final
Rule Date: 3/22/2024
Effective Date: 4/15/2024
Rule Id: 205556
Linked to Rule: 178240
Reg. Last Update: 3/22/2024
Report Section: US Insurance

Last substantive update on 03/27/2024