Skip to Top Main Navigation Skip to Left Navigation Skip to Content Area Skip to Footer
Texas Department of Insurance
Topics:   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z All

Commissioner’s Bulletin # B-0022-16

September 15, 2016

To:   Domestic or Commercially-Domiciled Insurance Companies and Health Maintenance Organizations

Re:   Reporting of cybersecurity incidents

TDI takes cybersecurity incidents that may affect consumers or industry seriously.  In addition, the Texas Business and Commerce Code sets out a business duty to protect sensitive personal information and provides some definitions of information that the Department is concerned about.  Federal law also provides standards that may be applicable to some insurers.

A domestic insurer or HMO should contact its assigned financial analyst at TDI if the insurer or HMO experiences or discovers an unauthorized acquisition, release, or use of personal information or sensitive company information. 

After TDI is notified, TDI may request information concerning the incident under its examination authority.  Information will be held confidential under applicable statutes.

Questions regarding this bulletin should be directed to:  Terri Saldana, Associate Commissioner, Financial Regulation Division, at

For more information, contact:

Last updated: 9/16/2016