The Texas Department of Insurance issued Bulletin B-0009-23 Re: Reporting of cybersecurity incidents.
The bulletin begins “The Texas Department of Insurance (TDI) takes seriously cybersecurity incidents that may affect consumers or the insurance industry. In addition, the Texas Business and Commerce Code Chapter 521 sets out a business duty to protect sensitive personal information and provides some definitions of information that TDI is concerned about. Federal law also provides standards that might be applicable to some insurance companies.
The bulletin states that domestic insurance companies and HMOs should contact [email protected] if they experience or discover an unauthorized acquisition, release or use of personal information or sensitive company information.
“After TDI is notified, TDI may request information about the incident under its examination authority,” the bulletin states. “Information will be held confidential under applicable statutes.”
Other regulated entities and individuals may send breach notices to [email protected].
Questions about the bulletin may be directed to [email protected].