1-800-259-5300

Consumers> Industry>

Insurance Type
Auto Flood Health Homeowners Life & Annuities Long-Term Care Other Types
Complaints
File a Complaint Complaint Data
Find Companies
Find Agents
Receivership
Insurance Fraud
Resources & Publications
Consumer Resources Consumer Publications Consumer Updates Request For Proposal
Senior Health/SHIIP
Boards & Commissions
Louisiana Health Care Commission Louisiana Property & Casualty Commission Louisiana Auto Theft & Insurance Fraud Prevention Authority
RFPs
Producer/Adjuster
License Application Renewals Education Address/Name Change Appointments/Affiliations Search for Producers and Adjusters Printing a License Regulatory Actions
Company Licensing
Application and Filing Requirements Application Forms Annual Reports Certified Reinsurers Company Contact Changes Other Documents Reciprocal Jurisdiction Reinsurers Regulatory Actions
Data Calls
Hurricane Laura Data Call Hurricane Delta Data Call Hurricane Zeta Data Call Hurricane Ida Data Call Data Call Results Cybersecurity Event
Form and Rate Filing
Form and Rate Overview Form and Rate Documents P&C Rating Filing Exhibits
Laws and Bulletins
Search Bulletins, Directives & Regulations Insurance Law (Title 22) Legislative Updates Declaratory Orders
Financial Regulation
Financial Examinations Financial Filing Instructions Market Conduct Receivership
Taxes and Assessments
Admitted Premium Tax Surplus Lines Premium Tax Surplus Lines Insurers (White List) HIPAA Assessment
Resources & Publications
Industry Resources Consumer Publications Diversity and Opportunity Health Care Commission Industry Access Training Webinars Request For Proposal Social Network
Find Companies
Find Agents

Office Directory

Online Services

News/Media

FAQs

phone   Contact Us

Louisiana Department of Insurance

1-800-259-5300

(225) 342-5900

Report A Cybersecurity Event

Each licensee, under certain circumstances, shall notify the commissioner within three business days after a determination of the occurrence of a cybersecurity event. The Insurance Data Security Law (Act 283 of the 2020 Regular Session) defines both “licensee” and “cybersecurity event” and creates the reporting requirement.

Generally, a “licensee” is a person or entity regulated by the commissioner of insurance, and a “cybersecurity event” involves the loss of electronic nonpublic information belonging to consumers and in the possession of licensees or the compromise of the information system of a licensee.


Reporting Flowchart

The Reporting a Cybersecurity Event Flowchart is meant only to be a guide for licensees, who are responsible for understanding and complying with the provisions of La. R.S. 22:2506, which governs notification to the commissioner and to consumers.


Notification Process

If, after a prompt investigation, a licensee determines both a cybersecurity event has occurred and a report is required, the licensee shall notify the commissioner without unreasonable delay but in no event later than three business days. When in doubt as to whether to notify the commissioner through the LDI, all licensees are encouraged to report the cybersecurity event and begin a dialogue with LDI staff as soon as possible.

Licensees will notify the commissioner and LDI using the Report a Cybersecurity Event Form, which provides a guide to the information required by the commissioner including additional documentation.

The Report a Cybersecurity Event Form and attachments should be submitted to the following email: Cyber.Report@ldi.la.gov.


Supplemental Information

Not all information may be available at the time of the initial report to the LDI. Licensees have a continuing obligation to update and supplement their initial and subsequent reports about material developments relating to the cybersecurity event as provided in La. R.S. 22:2506.


Louisiana Insurance Data Security Law Information Security Program

 
Pursuant to Bulletin 2021-04, all licensees of the Louisiana Department of Insurance, as that term is defined in La. R.S. 22:2503(7), are now required to develop, implement and maintain a comprehensive written information security program (ISP) that complies with the requirements of La. R.S. 22:2054 no later than August 1, 2021. Bulletin 2021-04 also requires the submission of either a certification of compliance with La. R.S. 22:2504 or exemption under La. R.S. 22:2509. Below you will find a link to the bulletin with information on filing dates and requirements, as well as links to both the certification and exemption forms.

Bulletin 2021-04
Louisiana Insurance Data Security Law Information Security Program Certification Form
Louisiana Insurance Data Security Law Information Security Program Exemption Certification Form

If you meet any of the following criteria, it is only necessary to submit the Louisiana Insurance Data Security Law Information Security Program Exemption Certification Form:
  • Have fewer than twenty-five (25) employees.
  • Have less than five million dollars in gross annual revenue.
  • Have less than ten million dollars in year-end total assets.
  • Are a licensee who is also an employee, agent, representative, or designee of another licensee, to the extent that you are covered by the other licensee’s ISP. A single licensed producer employed by an agency will fall under this exemption.
  • Are subject to the Health Insurance Portability and Accountability Act (HIPAA), establish and maintain an information security program (ISP) pursuant to HIPAA statutes, rules, regulations, procedures, or guidelines, AND comply with and submit, upon request, a written certification of compliance with the ISP established pursuant to HIPAA statutes, rules, regulations, procedures, or guidelines.
  • Are affiliated with a depository institution subject to the Interagency Guidelines Establishing Information Security Standards pursuant to the Gramm-Leach-Bliley Act (Gramm-Leach-Bliley), establish and maintain an information security program (ISP) pursuant to Gramm-Leach-Bliley statutes, rules, regulations, procedures, or guidelines, AND comply with and submit, upon request, a written certification of compliance with the ISP established pursuant to Gramm-Leach-Bliley statutes, rules, regulations, procedures, or guidelines.
  • Are subject to a jurisdiction approved by the Commissioner, establish and maintain an information security program (ISP) pursuant to that jurisdiction’s statutes, rules, regulations, procedures, or guidelines, AND comply with and submit a written certification of compliance with the ISP established pursuant to Gramm-Leach-Bliley statutes, rules, regulations, procedures, or guidelines.

Completed forms should be submitted to ISPforms@ldi.la.gov
 
Any questions regarding Bulletin 2021-04 or the certification or exemption forms should be submitted to cyber.questions@ldi.la.gov.
cybersecurity-video
About LDI

Events Calendar


Public Hearings


Videos


What We Do


Office Directory


Job Openings

 
Connect With Us

FAQs


1-800-259-5300
Quick Links

Search Bulletins, Directives & Regs


Search for Company or Agent


Search Rate Filings


Producer License Renewal


Report Insurance Fraud


Top 20 Lists by Market Share


Industry Career Opportunities

What’s New

Solicitation for Offers


Bulletin 2021-10: Hurricane Ida Data Call


Bulletin 2021-09: Insurer Obligations to Policyholders


Directive 218


Advisory Letter 2021-06: Reinsurer Certification - Reciprocal Jurisdictions


Bulletin 2021-08: Hurricane Ida Voluntary Mediation Program (revised)


logo

LDI Webmail   LDI Employees
1702 N. Third Street; P.O. Box 94214; Baton Rouge, LA 70802

Copyright © Louisiana Department of Insurance