1-800-259-5300

Consumers> Industry>

Insurance Type
Auto Flood Health Homeowners Life & Annuities Long-Term Care Other Types
Complaints
File a Complaint Complaint Data
Find Companies
Find Agents/Adjusters
Receivership
Insurance Fraud
Resources & Publications
Consumer Resources Consumer Publications Consumer Updates Request For Proposal
Senior Health/SHIIP
Boards & Commissions
Louisiana Health Care Commission Louisiana Property & Casualty Commission Louisiana Auto Theft & Insurance Fraud Prevention Authority
RFPs
Producer/Adjuster
License Application Renewals Education Address/Name Change Appointments/Affiliations Search for Producers and Adjusters Printing a License Regulatory Actions Emergency Adjuster Registrations
Company Licensing
Application and Filing Requirements Application Forms Annual Reports Certificate of Compliance Certified Reinsurers Company Contact Changes Other Documents Reciprocal Jurisdiction Reinsurers Regulatory Actions
Financial Regulation
Financial Examinations Financial Filing Instructions Receivership
Resources & Publications
Industry Resources Market Conduct Consumer Publications Diversity and Opportunity Health Care Commission Industry Access Training Webinars Request For Proposal Social Network
Form & Rate Filing
Form and Rate Overview Form and Rate Documents P&C Rating Filing Exhibits
Laws & Bulletins
Search Bulletins, Directives & Regulations Insurance Law (Title 22) Legislative Updates Declaratory Orders
Data Calls
Hurricane Laura Data Call Hurricane Delta Data Call Hurricane Zeta Data Call Hurricane Ida Data Call Data Call Results Cybersecurity Event
Taxes & Assessments
Admitted Premium Tax Surplus Lines Premium Tax Surplus Lines Insurers (White List) HIPAA Assessment
Find Companies
Insure LA Incentive Program

Office Directory

Online Services

News/Media

FAQs

phone   Contact Us

Louisiana Department of Insurance

1-800-259-5300

(225) 342-5900

Email Us

Report A Cybersecurity Event

Each licensee, under certain circumstances, shall notify the commissioner within three business days after a determination of the occurrence of a cybersecurity event. The Insurance Data Security Law (Act 283 of the 2020 Regular Session) defines both “licensee” and “cybersecurity event” and creates the reporting requirement.

Generally, a “licensee” is a person or entity regulated by the commissioner of insurance, and a “cybersecurity event” involves the loss of electronic nonpublic information belonging to consumers and in the possession of licensees or the compromise of the information system of a licensee.


Reporting Flowchart

The Reporting a Cybersecurity Event Flowchart is meant only to be a guide for licensees, who are responsible for understanding and complying with the provisions of La. R.S. 22:2506, which governs notification to the commissioner and to consumers.


Notification Process

If, after a prompt investigation, a licensee determines both a cybersecurity event has occurred and a report is required, the licensee shall notify the commissioner without unreasonable delay but in no event later than three business days. When in doubt as to whether to notify the commissioner through the LDI, all licensees are encouraged to report the cybersecurity event and begin a dialogue with LDI staff as soon as possible.

Licensees will notify the commissioner and LDI using the Cybersecurity Reporting Module in the Industry Access Portal, https://ia.ldi.state.la.us/industryaccess.


Supplemental Information

Not all information may be available at the time of the initial report to the LDI. Licensees have a continuing obligation to update and supplement their initial and subsequent reports about material developments relating to the cybersecurity event as provided in La. R.S. 22:2506. Updates and supplemental information should be submitted to cyber.report@ldi.la.gov.


Louisiana Insurance Data Security Law Information Security Program

 
Pursuant to Bulletin 2021-04, all licensees of the Louisiana Department of Insurance, as that term is defined in La. R.S. 22:2503(7), are now required to develop, implement and maintain a comprehensive written information security program (ISP) that complies with the requirements of La. R.S. 22:2054 no later than August 1, 2021. Bulletin 2021-04 also requires the submission of either a certification of compliance with La. R.S. 22:2504 or exemption under La. R.S. 22:2509. Below you will find a link to the bulletin with information on filing dates and requirements, as well as links to both the certification and exemption forms.

Bulletin 2021-04
Louisiana Insurance Data Security Law Information Security Program Certification Form
Louisiana Insurance Data Security Law Information Security Program Exemption Certification Form

If you meet any of the following criteria, it is only necessary to submit the Louisiana Insurance Data Security Law Information Security Program Exemption Certification Form:
  • Have fewer than twenty-five (25) employees.
  • Have less than five million dollars in gross annual revenue.
  • Have less than ten million dollars in year-end total assets.
  • Are a licensee who is also an employee, agent, representative, or designee of another licensee, to the extent that you are covered by the other licensee’s ISP. A single licensed producer employed by an agency will fall under this exemption.
  • Are subject to the Health Insurance Portability and Accountability Act (HIPAA), establish and maintain an information security program (ISP) pursuant to HIPAA statutes, rules, regulations, procedures, or guidelines, AND comply with and submit, upon request, a written certification of compliance with the ISP established pursuant to HIPAA statutes, rules, regulations, procedures, or guidelines.
  • Are affiliated with a depository institution subject to the Interagency Guidelines Establishing Information Security Standards pursuant to the Gramm-Leach-Bliley Act (Gramm-Leach-Bliley), establish and maintain an information security program (ISP) pursuant to Gramm-Leach-Bliley statutes, rules, regulations, procedures, or guidelines, AND comply with and submit, upon request, a written certification of compliance with the ISP established pursuant to Gramm-Leach-Bliley statutes, rules, regulations, procedures or guidelines.
  • Are subject to a jurisdiction approved by the commissioner, establish and maintain an information security program (ISP) pursuant to that jurisdiction’s statutes, rules, regulations, procedures, or guidelines, AND comply with and submit a written certification of compliance with the ISP established pursuant to Gramm-Leach-Bliley statutes, rules, regulations, procedures, or guidelines.

Annual certification and exemption forms are to be submitted through the Cybersecurity Certification Module in the Industry Access Portal, found at https://ia.ldi.state.la.us/industryaccess/.  
 
Any questions regarding Bulletin 2021-04 or the certification or exemption forms should be submitted to cyber.questions@ldi.la.gov.
cybersecurity-video
About LDI

Events Calendar


Public Hearings


Videos


What We Do


Job Openings

 

Industry Career Opportunities

 

LDI ADA Policy

 

LIGA

 

FAQs

Connect With Us

Office Directory


1-800-259-5300
Quick Links

Louisiana Fortify Homes Program


Solicitation for Offers


Search Bulletins, Directives & Regs


Search for Companies


Search for Agents/Adjusters


Search Rate Filings


Producer License Renewal


Report Insurance Fraud


Top 20 Lists by Market Share

What’s New

Bulletin 2022-09: Revised and Reissued


Directive 222: Published


Regulation 128: Published


Bulletin 2023-04: Military Personnel Discount


Regulation 126: LA Fortify Homes Program

 

Bulletin 2023-03: Published


Regulation 125: Published


Regulation 112: Published


Directive 221: Published

logo

LDI Webmail   LDI Employees
1702 N. Third Street; P.O. Box 94214; Baton Rouge, LA 70802

Copyright © Louisiana Department of Insurance