Virginia Administrative Code
Title 14 - INSURANCE
Agency 5 - STATE CORPORATION COMMISSION, BUREAU OF INSURANCE
Chapter 430 - INSURANCE DATA SECURITY RISK ASSESSMENT AND REPORTING
Section 14VAC5-430-70 - Consumer notification provisions

Universal Citation: 4 VA Admin Code 5-430-70

Current through Register Vol. 41, No. 3, September 23, 2024

A. Licensees, except those exempted under subsection A 1 or A 2 of § 38.2-629 of the Code of Virginia, that determine a cybersecurity event has occurred and has caused or has a reasonable likelihood of causing identity theft or other fraud to consumers whose information was accessed or acquired shall notify those consumers in accordance with § 38.2-626 of the Code of Virginia, subject to any applicable numerical threshold.

B. Each licensee required to notify consumers of a cybersecurity event that does not intend to notify consumers based on a belief that the cybersecurity event does not have a reasonable likelihood of causing identity theft or other fraud to the consumers shall notify the commissioner, without unreasonable delay, of its position and provide an explanation supporting the licensee's position.

Statutory Authority: §§ 12.1-13 and 38.2-223 of the Code of Virginia.

Disclaimer: These regulations may not be the most recent version. Virginia may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.