Go to previous versions of this Section
2022 (you are here)
2021
2020
2019
2018
Other previous versions

2022 Iowa Code
Title XIII - COMMERCE
Chapter 507F - INSURANCE DATA SECURITY
Section 507F.9 - Cybersecurity event — third-party service providers.

Universal Citation: IA Code § 507F.9 (2022)
Previous Next

507F.9 Cybersecurity event — third-party service providers.

1. If a licensee becomes aware of a cybersecurity event in an information system maintained by a third-party service provider of the licensee, the licensee shall comply with section 507F.7, or the licensee may obtain a written certification from the third-party service provider that the provider is in compliance with section 507F.7. If the third-party provider fails to provide written certification to the licensee, the licensee shall comply with section 507F.7. The computation of the licensee’s deadlines pursuant to section 507F.7 shall begin on the business day after the date on which the licensee’s third-party service provider notifies the licensee of a cybersecurity event, or the date on which the licensee has actual knowledge of the cybersecurity event, whichever date is earlier.

2. This section shall not be construed to prohibit or abrogate an agreement between a licensee and another licensee, a third-party service provider, or any other party for the other licensee, third-party service provider, or other party to execute the requirements under section 507F.6 or section 507F.7 on behalf of the licensee.

2021 Acts, ch 79, §9, 17

Section effective January 1, 2022; 2021 Acts, ch 79, §17

NEW section

Previous Next
Disclaimer: These codes may not be the most recent version. Iowa may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.