MONTH-IN-BRIEF (Apr 2021)
Maine Enacts Insurance Data Security Act
By Roxanne Eastes, Young Conaway Stargatt & Taylor, LLP
On March 17, 2021, the Governor of Maine signed a new data protection law that goes into effect on January 1, 2022. The Maine Insurance Data Security Act establishes standards for insurance data security, but does not create or curtail any private causes of action that exist in the absence of the law.
Under this statute, Maine insurance carriers have certain requirements for the investigation and notification to consumers of “cyber security events” such as information leaks. The insurance carriers are also required to implement a written information security program that must be designed to:
A. Protect the security and confidentiality of nonpublic information and the security of the insurance carrier’s information systems;