On March 11th, 2020, Virginia Governor Northam signed the Insurance Data Security Act (the “Act”) — HB 1334 — imposing requirements on all entities regulated by the Virginia Bureau of Insurance (“BOI” or the “Bureau”) to:
- maintain an information security program,
- investigate all cybersecurity events,
- notify the Commissioner of Insurance of cybersecurity events, and
- notify consumers affected by cybersecurity events.