COMMISSIONER'S BULLETIN # B-0022-16
September 15, 2016
To: Domestic or Commercially-Domiciled Insurance Companies and Health Maintenance Organizations
Re: Reporting of cybersecurity incidents
TDI takes cybersecurity incidents that may affect consumers or industry seriously. In addition, the Texas Business and Commerce Code sets out a business duty to protect sensitive personal information and provides some definitions of information that the Department is concerned about. Federal law also provides standards that may be applicable to some insurers.
A domestic insurer or HMO should contact its assigned financial analyst at TDI if the insurer or HMO experiences or discovers an unauthorized acquisition, release, or use of personal information or sensitive company information.
After TDI is notified, TDI may request information concerning the incident under its examination authority. Information will be held confidential under applicable statutes.Questions regarding this bulletin should be directed to: Terri Saldana, Associate Commissioner, Financial Regulation Division, at Teresa.Saldana@tdi.texas.gov.
For more information contact:
Last updated: 09/16/2016