Data Breach Prep Archives - �ǿմ�ý �ǿմ�ý Title Insurance Co.

Data Breach Prep: Oklahoma

anticadmin — Tue, 16 Jul 2024 13:22:00 +0000

When a data breach occurs, it’s an intense, frightening moment. Who you ‘gonna call? Ghostbusters aren’t the ones for this job, so the best way to make the specter of a breach less scary is to have an incident response plan in place; to know what your legal and regulatory requirements are; and to have the contact information that you need close at hand.

While this new series of blogs is not intended to provide legal advice, it is intended to provide you with recommendations for resources that may be useful; to increase awareness regarding notification and reporting requirements; and to provide helpful notification contact information, unique to each state. In each issue, we will present you with contact information regarding a different state in which �ǿմ�ý �ǿմ�ý is licensed, and in which you may be its appointed agent. It is up to you to make sure that you know when to use these contacts – either because you are legally required to do so, or because you have optionally decided to provide notification. Lastly, for our legal disclaimers, we’ve made our best efforts to acquire the correct and current contact information, but we can make no guarantees as to its accuracy or that the information will not change over time.

Understanding State Reporting Responsibilities

There are two kinds of laws that impact your reporting responsibilities: (1) state data breach notification laws that generally apply to all entities who “own” data, and (2) insurance data security laws that apply to those who are regulated for doing the business of insurance. A great summary of the state data breach notification laws is published quarterly by the law firm of . Another useful resource for tracking both the state data breach notification laws and the insurance data security laws is a tool published by the law firm of .

Now that we’ve discussed both the general and insurance data breach notification laws, please be aware that sometimes notification requirements derive from other sources, including statutes which are not labeled as Insurance Data Security Laws (or which don’t even fall under the category of such laws), and bulletins issued by insurance regulators.

State data breach notification laws vary from state to state and may have some exemptions which apply to you, but often include the following common components:

Notification to certain agencies, including state attorneys general and/or consumer reporting agencies under certain circumstances.
Notification to affected state residents without unreasonable delay.

The variances are quite considerable and include (but are not limited to) how (e.g. by what method) to give notice, permitted delays when a law enforcement agency investigation is pending, timing of the notice, what particular information is required to be provided, and record retention.

Consumer Reporting Agency Notification

For your convenience, when these laws do require notification to Consumer Reporting Agencies, the following information may be helpful to you:

EQUIFAX
Equifax: Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374
SecurityMonitoring@equifax.com
EXPERIAN
Security Assistance
P.O. Box 72
Allen, TX 75013
BusinessRecordsVictimAssistance@experian.com
TRANSUNION
Consumer Relations & Fraud Victim Assistance
P.O. Box 2000
Chester PA 19016
databreach@transunion.com

Common Notification Requirements

Insurance Data Security Laws also vary from state to state and may have some exemptions that apply to you (typically based upon the size of the licensee, its year-end total assets, and its gross annual revenue), so, again, be sure to check your state’s specific requirements. However, these laws generally include the following common notification components:

Notification to the insurance commissioner of the cybersecurity event (usually within three days in most states).
Notification to affected state residents without unreasonable delay.
- But if you’ve had a breach and determined that notice is not required (according to the state law or other authority), then typically that determination is required to be documented in writing and retained for at least five (5) years.
Notification (usually within 10 days) to a covered third-party (such as your *title insurance underwriter) when you have determined or believe that a breach occurred.
*(for �ǿմ�ý �ǿմ�ý Title, you can contact Elyce Schweitzer, Regulatory Compliance Officer, at eschweitzer@alliantnational.com)

OKLAHOMA NOTIFICATION REQUIREMENTS AND CONTACT INFORMATION

Contact Information Pursuant to State Data Breach Notification Laws

Ok. Stat., Tit. 24, §§ 161–166, Security Breach Notification Act.
*(Ok. Stat., Tit. 24, § 163 is the notification/reporting section). [Note: Pending legislation would require notice to the attorney general within 60 days of discovery if at least 250 persons are affected or for a credit bureau with at least 1,000 persons affected. See SB 1337, 2024 Regular Session ()]

Note: No current requirements aside from notice to affected residents. If desiring to give courtesy notification to Attorney General, then contact information is:
313 NE 21st Street,
Oklahoma City, OK 73105;
Ph: (405) 521-3921;
Fax (405) 521-6246;
Email: contact@oag.ok.gov

Contact Information Pursuant to Insurance Data Security Laws (or Pursuant to Other Authority Requiring Notice to Regulator):

No Insurance Data Security Law. [(Note: As of 11/27/2023, OK has a pending Insurance Data Security Law; See SB 543, 2023 Regular Session ()]

Courtesy/Optional contact information:
* Oklahoma Insurance Department
400 NE 50th St.
Oklahoma City, OK 73105
Ph: (405) 521-2828
Fax: (405) 521-6635
email: Licensing@oid.ok.gov;
Michael.Parrott@oid.ok.gov;
diane.carter@oid.ok.gov

The post Data Breach Prep: Oklahoma appeared first on �ǿմ�ý �ǿմ�ý Title Insurance Co..

Data Breach Prep: Alabama

anticadmin — Thu, 11 Jul 2024 21:57:00 +0000

Understanding State Reporting Responsibilities

State data breach notification laws vary from state to state and may have some exemptions which apply to you, but often include the following common components:

Notification to certain agencies, including state attorneys general and/or consumer reporting agencies under certain circumstances.
Notification to affected state residents without unreasonable delay.

Consumer Reporting Agency Notification

For your convenience, when these laws do require notification to Consumer Reporting Agencies, the following information may be helpful to you:

EQUIFAX
Equifax: Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374
SecurityMonitoring@equifax.com
EXPERIAN
Security Assistance
P.O. Box 72
Allen, TX 75013
BusinessRecordsVictimAssistance@experian.com
TRANSUNION
Consumer Relations & Fraud Victim Assistance
P.O. Box 2000
Chester PA 19016
databreach@transunion.com

Common Notification Requirements

Notification to the insurance commissioner of the cybersecurity event (usually within three days in most states).
Notification to affected state residents without unreasonable delay.
- But if you’ve had a breach and determined that notice is not required (according to the state law or other authority), then typically that determination is required to be documented in writing and retained for at least five (5) years.
Notification (usually within 10 days) to a covered third-party (such as your *title insurance underwriter) when you have determined or believe that a breach occurred.
*(for �ǿմ�ý �ǿմ�ý Title, you can contact Elyce Schweitzer, Regulatory Compliance Officer, at eschweitzer@alliantnational.com)

ALABAMA NOTIFICATION REQUIREMENTS AND CONTACT INFORMATION

Contact Information Pursuant to State Data Breach Notification Laws

Ala. Code § 8-38-1 et seq. *(Ala. Code § 8-38-5 through § 8-38-7 are the notification/reporting sections).

When breach affects > 1,000 residents, notify:
*Attorney General data breach form:
*Attorney General data breach email to supplement the form: ConsumerInterest@AlabamaAG.gov
*Consumer Reporting Agencies

Contact Information Pursuant to Insurance Data Security Laws (or Pursuant to Other Authority Requiring Notice to Regulator):

Ala. Code s. 27-62-1, et seq., Insurance Data Security Law. *(Ala. Code § 27-62-5 and § 27-62-6 are the notification/reporting sections).

Notify:
*Reyn Norman, General Counsel
Alabama Department of Insurance
Ph: 334-241-4119
Fax: (334) 956-7935
E-Mail: Reyn.Norman@insurance.alabama.gov Internet:

The post Data Breach Prep: Alabama appeared first on �ǿմ�ý �ǿմ�ý Title Insurance Co..

Data Breach Prep: Arizona

anticadmin — Thu, 11 Jul 2024 21:56:00 +0000

Understanding State Reporting Responsibilities

State data breach notification laws vary from state to state and may have some exemptions which apply to you, but often include the following common components:

Notification to certain agencies, including state attorneys general and/or consumer reporting agencies under certain circumstances.
Notification to affected state residents without unreasonable delay.

Consumer Reporting Agency Notification

For your convenience, when these laws do require notification to Consumer Reporting Agencies, the following information may be helpful to you:

EQUIFAX
Equifax: Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374
SecurityMonitoring@equifax.com
EXPERIAN
Security Assistance
P.O. Box 72
Allen, TX 75013
BusinessRecordsVictimAssistance@experian.com
TRANSUNION
Consumer Relations & Fraud Victim Assistance
P.O. Box 2000
Chester PA 19016
databreach@transunion.com

Common Notification Requirements

Notification to the insurance commissioner of the cybersecurity event (usually within three days in most states).
Notification to affected state residents without unreasonable delay.
- But if you’ve had a breach and determined that notice is not required (according to the state law or other authority), then typically that determination is required to be documented in writing and retained for at least five (5) years.
Notification (usually within 10 days) to a covered third-party (such as your *title insurance underwriter) when you have determined or believe that a breach occurred.
*(for �ǿմ�ý �ǿմ�ý Title, you can contact Elyce Schweitzer, Regulatory Compliance Officer, at eschweitzer@alliantnational.com)

ARIZONA NOTIFICATION REQUIREMENTS AND CONTACT INFORMATION

Contact Information Pursuant to State Data Breach Notification Laws

Ariz. Rev. Stat. § 18-551 et seq. *(Ariz. Rev. Stat. § 18-551 is the notification/reporting section). (Exemption for those subject to GLBA, such as �ǿմ�ý �ǿմ�ý Title; see A.R.S. § 18-552(N)(1))

When breach affects > 1,000 residents, notify:
*Attorney General data breach form:
*Attorney General data breach email to supplement the form: data.breach@azag.gov
*AZ Dept. of Homeland Security: contact form
Ph: (602) 542-7013
1802 W. Jackson Street, #117
Phoenix, AZ 85007

Contact Information Pursuant to Insurance Data Security Laws (or Pursuant to Other Authority Requiring Notice to Regulator):

No Insurance Data Security Law

Courtesy/Optional contact information:
*Cary W. Cook, Chief Financial Compliance Officer Arizona Department of Insurance and Financial Institutions 100 N. 15th Ave., Suite 261
Phoenix, AZ 85007-2630
Email: cary.cook@difi.az.gov
Ph: (602) 364-3986

The post Data Breach Prep: Arizona appeared first on �ǿմ�ý �ǿմ�ý Title Insurance Co..

Data Breach Prep: Colorado

anticadmin — Thu, 11 Jul 2024 21:51:00 +0000

Understanding State Reporting Responsibilities

State data breach notification laws vary from state to state and may have some exemptions which apply to you, but often include the following common components:

Notification to certain agencies, including state attorneys general and/or consumer reporting agencies under certain circumstances.
Notification to affected state residents without unreasonable delay.

Consumer Reporting Agency Notification

For your convenience, when these laws do require notification to Consumer Reporting Agencies, the following information may be helpful to you:

EQUIFAX
Equifax: Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374
SecurityMonitoring@equifax.com
EXPERIAN
Security Assistance
P.O. Box 72
Allen, TX 75013
BusinessRecordsVictimAssistance@experian.com
TRANSUNION
Consumer Relations & Fraud Victim Assistance
P.O. Box 2000
Chester PA 19016
databreach@transunion.com

Common Notification Requirements

Notification to the insurance commissioner of the cybersecurity event (usually within three days in most states).
Notification to affected state residents without unreasonable delay.
- But if you’ve had a breach and determined that notice is not required (according to the state law or other authority), then typically that determination is required to be documented in writing and retained for at least five (5) years.
Notification (usually within 10 days) to a covered third-party (such as your *title insurance underwriter) when you have determined or believe that a breach occurred.
*(for �ǿմ�ý �ǿմ�ý Title, you can contact Elyce Schweitzer, Regulatory Compliance Officer, at eschweitzer@alliantnational.com)

COLORADO NOTIFICATION REQUIREMENTS AND CONTACT INFORMATION

Contact Information Pursuant to State Data Breach Notification Laws

Colo. Rev. Stat. § 6-1-716. Notification of security breach.
*(Colo. Rev. Stat. § 6-1-716 is the notification/reporting section). (Limited exemption – no reporting to Consumer Reporting Agencies is required – for those subject to GLBA, such as �ǿմ�ý �ǿմ�ý Title; see C.R.S. 6-1-716(2))

When breach affects > 500 residents, notify:
*Attorney General data breach form:
*Attorney General data breach email to supplement the form: contact the Consumer Protection Section of the Attorney General’s Office at databreach@coag.gov

When breach affects > 1,000 residents, notify:
*Consumer Reporting Agencies

Contact Information Pursuant to Insurance Data Security Laws (or Pursuant to Other Authority Requiring Notice to Regulator):

No Insurance Data Security Law

Courtesy/Optional contact information:
*Norbert Steinbock
Financial Analyst
Financial Affairs and Company Services
P 303.894.7535 | F 303.894.7455
1560 Broadway, Suite 850, Denver, CO 80202
Email: norbert.steinbock@state.co.us

The post Data Breach Prep: Colorado appeared first on �ǿմ�ý �ǿմ�ý Title Insurance Co..

Data Breach Prep: Kentucky

anticadmin — Thu, 11 Jul 2024 21:22:00 +0000

Understanding State Reporting Responsibilities

State data breach notification laws vary from state to state and may have some exemptions which apply to you, but often include the following common components:

Notification to certain agencies, including state attorneys general and/or consumer reporting agencies under certain circumstances.
Notification to affected state residents without unreasonable delay.

Consumer Reporting Agency Notification

For your convenience, when these laws do require notification to Consumer Reporting Agencies, the following information may be helpful to you:

EQUIFAX
Equifax: Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374
SecurityMonitoring@equifax.com
EXPERIAN
Security Assistance
P.O. Box 72
Allen, TX 75013
BusinessRecordsVictimAssistance@experian.com
TRANSUNION
Consumer Relations & Fraud Victim Assistance
P.O. Box 2000
Chester PA 19016
databreach@transunion.com

Common Notification Requirements

Notification to the insurance commissioner of the cybersecurity event (usually within three days in most states).
Notification to affected state residents without unreasonable delay.
- But if you’ve had a breach and determined that notice is not required (according to the state law or other authority), then typically that determination is required to be documented in writing and retained for at least five (5) years.
Notification (usually within 10 days) to a covered third-party (such as your *title insurance underwriter) when you have determined or believe that a breach occurred.
*(for �ǿմ�ý �ǿմ�ý Title, you can contact Elyce Schweitzer, Regulatory Compliance Officer, at eschweitzer@alliantnational.com)

KENTUCKY NOTIFICATION REQUIREMENTS AND CONTACT INFORMATION

Contact Information Pursuant to State Data Breach Notification Laws

KRS § 365.732. Notification to affected persons of computer security breach involving their unencrypted personally identifiable information. *(KRS § 365.732 is the notification/reporting section).
(Exemption for those subject to GLBA, such as �ǿմ�ý �ǿմ�ý Title; see KRS 365.732(8))

When breach affects > 1,000 residents, notify:
*Consumer Reporting Agencies

Contact Information Pursuant to Insurance Data Security Laws (or Pursuant to Other Authority Requiring Notice to Regulator):

KRS § 304.3-750, et. seq., Insurance Data Security Law. *(KRS § 304.3-760 is the notification/reporting section).

Notify:
*Financial Standards & Examination Division of the Kentucky Dept. of Insurance,
Victoria Lloyd (Director)
500 Mero Street, 2 SE 11
Frankfort, KY 40601
Ph: (502) 564-6082;
Fax: (502) 564-4604;
Email: DOI.FinancialStandardsMail@ky.gov

The post Data Breach Prep: Kentucky appeared first on �ǿմ�ý �ǿմ�ý Title Insurance Co..

Data Breach Prep: Michigan

anticadmin — Thu, 11 Jul 2024 21:00:00 +0000

Understanding State Reporting Responsibilities

State data breach notification laws vary from state to state and may have some exemptions which apply to you, but often include the following common components:

Notification to certain agencies, including state attorneys general and/or consumer reporting agencies under certain circumstances.
Notification to affected state residents without unreasonable delay.

Consumer Reporting Agency Notification

For your convenience, when these laws do require notification to Consumer Reporting Agencies, the following information may be helpful to you:

EQUIFAX
Equifax: Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374
SecurityMonitoring@equifax.com
EXPERIAN
Security Assistance
P.O. Box 72
Allen, TX 75013
BusinessRecordsVictimAssistance@experian.com
TRANSUNION
Consumer Relations & Fraud Victim Assistance
P.O. Box 2000
Chester PA 19016
databreach@transunion.com

Common Notification Requirements

Notification to the insurance commissioner of the cybersecurity event (usually within three days in most states).
Notification to affected state residents without unreasonable delay.
- But if you’ve had a breach and determined that notice is not required (according to the state law or other authority), then typically that determination is required to be documented in writing and retained for at least five (5) years.
Notification (usually within 10 days) to a covered third-party (such as your *title insurance underwriter) when you have determined or believe that a breach occurred.
*(for �ǿմ�ý �ǿմ�ý Title, you can contact Elyce Schweitzer, Regulatory Compliance Officer, at eschweitzer@alliantnational.com)

MICHIGAN NOTIFICATION REQUIREMENTS AND CONTACT INFORMATION

Contact Information Pursuant to State Data Breach Notification Laws

Mich. Comp. Laws § 445.61, et seq., Identity Theft Protection Act. *(MCLS § 445.72 is the notification/reporting section).

When breach affects > 1,000 residents, notify:
*Consumer Reporting Agencies

Contact Information Pursuant to Insurance Data Security Laws (or Pursuant to Other Authority Requiring Notice to Regulator):

MCLS s. 500.550, et seq., Michigan Insurance Data Security Law, with Michigan Dept.
of Insurance and Financial Services Bulletin . *(MCLS § 500.559 and §
500.561 are the notification/reporting sections).

Notify:
* Bulletin 2021-32-INS contains a link to a form: Notice of Cybersecurity Event ().
The form must be completed and with its attachments should be submitted as a
single PDF document and sent via email to DIFS-Cybersecurityforms@Michigan.gov.

The post Data Breach Prep: Michigan appeared first on �ǿմ�ý �ǿմ�ý Title Insurance Co..

Data Breach Prep: Georgia

anticadmin — Wed, 10 Jul 2024 21:30:00 +0000

Understanding State Reporting Responsibilities

State data breach notification laws vary from state to state and may have some exemptions which apply to you, but often include the following common components:

Notification to certain agencies, including state attorneys general and/or consumer reporting agencies under certain circumstances.
Notification to affected state residents without unreasonable delay.

Consumer Reporting Agency Notification

For your convenience, when these laws do require notification to Consumer Reporting Agencies, the following information may be helpful to you:

EQUIFAX
Equifax: Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374
SecurityMonitoring@equifax.com
EXPERIAN
Security Assistance
P.O. Box 72
Allen, TX 75013
BusinessRecordsVictimAssistance@experian.com
TRANSUNION
Consumer Relations & Fraud Victim Assistance
P.O. Box 2000
Chester PA 19016
databreach@transunion.com

Common Notification Requirements

Notification to the insurance commissioner of the cybersecurity event (usually within three days in most states).
Notification to affected state residents without unreasonable delay.
- But if you’ve had a breach and determined that notice is not required (according to the state law or other authority), then typically that determination is required to be documented in writing and retained for at least five (5) years.
Notification (usually within 10 days) to a covered third-party (such as your *title insurance underwriter) when you have determined or believe that a breach occurred.
*(for �ǿմ�ý �ǿմ�ý Title, you can contact Elyce Schweitzer, Regulatory Compliance Officer, at eschweitzer@alliantnational.com)

GEORGIA NOTIFICATION REQUIREMENTS AND CONTACT INFORMATION

Contact Information Pursuant to State Data Breach Notification Laws

OCGA § 10-1-912, et. seq. *(OCGA § 10-1-912 is the notification/reporting section).

When breach affects > 10,000 residents, notify:
*Consumer Reporting Agencies

Contact Information Pursuant to Insurance Data Security Laws (or Pursuant to Other Authority Requiring Notice to Regulator):

No Insurance Data Security Law

Courtesy/Optional contact information:
*Bruce Williamson
GA Office of the Commissioner of Insurance & Fire Safety,
Insurance Financial Oversight Division
Ph: 404-657-9205;
BWilliamson@oci.ga.gov
908 West Tower
2 Martin Luther King Jr. Drive
Atlanta, GA 30334

The post Data Breach Prep: Georgia appeared first on �ǿմ�ý �ǿմ�ý Title Insurance Co..

Data Breach Prep: Florida

anticadmin — Wed, 10 Jul 2024 21:30:00 +0000

Understanding State Reporting Responsibilities

State data breach notification laws vary from state to state and may have some exemptions which apply to you, but often include the following common components:

Notification to certain agencies, including state attorneys general and/or consumer reporting agencies under certain circumstances.
Notification to affected state residents without unreasonable delay.

Consumer Reporting Agency Notification

For your convenience, when these laws do require notification to Consumer Reporting Agencies, the following information may be helpful to you:

EQUIFAX
Equifax: Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374
SecurityMonitoring@equifax.com
EXPERIAN
Security Assistance
P.O. Box 72
Allen, TX 75013
BusinessRecordsVictimAssistance@experian.com
TRANSUNION
Consumer Relations & Fraud Victim Assistance
P.O. Box 2000
Chester PA 19016
databreach@transunion.com

Common Notification Requirements

Notification to the insurance commissioner of the cybersecurity event (usually within three days in most states).
Notification to affected state residents without unreasonable delay.
- But if you’ve had a breach and determined that notice is not required (according to the state law or other authority), then typically that determination is required to be documented in writing and retained for at least five (5) years.
Notification (usually within 10 days) to a covered third-party (such as your *title insurance underwriter) when you have determined or believe that a breach occurred.
*(for �ǿմ�ý �ǿմ�ý Title, you can contact Elyce Schweitzer, Regulatory Compliance Officer, at eschweitzer@alliantnational.com)

FLORIDA NOTIFICATION REQUIREMENTS AND CONTACT INFORMATION

Contact Information Pursuant to State Data Breach Notification Laws

F.S. § 501.171. Security of confidential personal information.
*(F.S. § 501.171 is the notification/reporting section).

When breach affects > 500 residents, notify:
*Office of the Attorney General, Department of Legal Affairs has numerous divisions – contact the Office of Citizen Services, Ph. (850) 414-3990;
State of Florida
PL-01, The Capitol
Tallahassee, FL 32399-1050

When breach affects > 1,000 residents, notify:
*Consumer Reporting Agencies

Contact Information Pursuant to Insurance Data Security Laws (or Pursuant to Other Authority Requiring Notice to Regulator):

No Insurance Data Security Law

Courtesy/Optional contact information:
*FL Office of Insurance Regulation (FL OIR) regulates Insurers:
Email: InsuranceCommissioner@floir.com
Ph: (850) 413-3140

*Launa Foreman
Administrative Assistant II
SIU Administrator
Division of Investigative & Forensic Services
200 E Gaines Street
Tallahassee, FL 32399-0324
O: (850) 413-4094
Launa.Foreman@MyFloridaCFO.com

The post Data Breach Prep: Florida appeared first on �ǿմ�ý �ǿմ�ý Title Insurance Co..

Data Breach Prep: Illinois

anticadmin — Wed, 10 Jul 2024 21:28:00 +0000

Understanding State Reporting Responsibilities

State data breach notification laws vary from state to state and may have some exemptions which apply to you, but often include the following common components:

Notification to certain agencies, including state attorneys general and/or consumer reporting agencies under certain circumstances.
Notification to affected state residents without unreasonable delay.

Consumer Reporting Agency Notification

For your convenience, when these laws do require notification to Consumer Reporting Agencies, the following information may be helpful to you:

EQUIFAX
Equifax: Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374
SecurityMonitoring@equifax.com
EXPERIAN
Security Assistance
P.O. Box 72
Allen, TX 75013
BusinessRecordsVictimAssistance@experian.com
TRANSUNION
Consumer Relations & Fraud Victim Assistance
P.O. Box 2000
Chester PA 19016
databreach@transunion.com

Common Notification Requirements

Notification to the insurance commissioner of the cybersecurity event (usually within three days in most states).
Notification to affected state residents without unreasonable delay.
- But if you’ve had a breach and determined that notice is not required (according to the state law or other authority), then typically that determination is required to be documented in writing and retained for at least five (5) years.
Notification (usually within 10 days) to a covered third-party (such as your *title insurance underwriter) when you have determined or believe that a breach occurred.
*(for �ǿմ�ý �ǿմ�ý Title, you can contact Elyce Schweitzer, Regulatory Compliance Officer, at eschweitzer@alliantnational.com)

ILLINOIS NOTIFICATION REQUIREMENTS AND CONTACT INFORMATION

Contact Information Pursuant to State Data Breach Notification Laws

815 Ill. Comp. Stat. 530/5 et seq. *(815 Ill. Comp. Stat. 530/10 is the notification/reporting section).

When breach affects > 500 residents, notify:
* Attorney general Informational website for data breach reporting is
Email: Datasecurity@ilag.gov;
Ph: (800) 243-0618;

Contact Information Pursuant to Insurance Data Security Laws (or Pursuant to Other Authority Requiring Notice to Regulator):

No Insurance Data Security Law (for title insurance). (Note: 215 ILCS 215/1, et. seq., Insurance Data Security Law, eff. 1/1/2024, does NOT apply to title insurance.)

Courtesy/Optional contact information:
*Richard J. Bake
IDFPR / DFI / Title Insurance Section
555 W. Monroe, 8th floor
Chicago, Illinois 60661
Ph. (312) 814-4505
richard.bake@illinois.gov

*Susan Clardy-White
Office Coordinator
IDFPR-DFI-Title Insurance Section
555 W. Monroe, Suite 800S

The post Data Breach Prep: Illinois appeared first on �ǿմ�ý �ǿմ�ý Title Insurance Co..

Data Breach Prep: Indiana

anticadmin — Wed, 10 Jul 2024 21:27:00 +0000

Understanding State Reporting Responsibilities

State data breach notification laws vary from state to state and may have some exemptions which apply to you, but often include the following common components:

Notification to certain agencies, including state attorneys general and/or consumer reporting agencies under certain circumstances.
Notification to affected state residents without unreasonable delay.

Consumer Reporting Agency Notification

For your convenience, when these laws do require notification to Consumer Reporting Agencies, the following information may be helpful to you:

EQUIFAX
Equifax: Consumer Fraud Division
P.O. Box 740256
Atlanta, GA 30374
SecurityMonitoring@equifax.com
EXPERIAN
Security Assistance
P.O. Box 72
Allen, TX 75013
BusinessRecordsVictimAssistance@experian.com
TRANSUNION
Consumer Relations & Fraud Victim Assistance
P.O. Box 2000
Chester PA 19016
databreach@transunion.com

Common Notification Requirements

Notification to the insurance commissioner of the cybersecurity event (usually within three days in most states).
Notification to affected state residents without unreasonable delay.
- But if you’ve had a breach and determined that notice is not required (according to the state law or other authority), then typically that determination is required to be documented in writing and retained for at least five (5) years.
Notification (usually within 10 days) to a covered third-party (such as your *title insurance underwriter) when you have determined or believe that a breach occurred.
*(for �ǿմ�ý �ǿմ�ý Title, you can contact Elyce Schweitzer, Regulatory Compliance Officer, at eschweitzer@alliantnational.com)

INDIANA NOTIFICATION REQUIREMENTS AND CONTACT INFORMATION

Contact Information Pursuant to State Data Breach Notification Laws

Ind. Code § 24-4.9-1-1, et. seq. Disclosure of Security Breach.
*(Ind. Code § 24-4.9-3-1 and § 24-4.9-3-4 are the notification/reporting sections).

When breach affects any resident requiring a disclosure to that resident, then must also report to:
*Indiana Attorney General’s informational webpage for businesses reporting a data breach: ;
printable breach notification form and online breach notification form are accessible from this website.
Then, submit your breach notification form to the Indiana Attorney General’s Office by completing the printable form and emailing it to
DataBreach@atg.in.gov
[Although not necessary, you may also mail or fax the form to:
Data Privacy & Identity Theft Unit – Data Breach, Attorney General of Indiana, Indiana Government Center South, 5th, Floor,
302 West Washington Street, Indianapolis, IN 46204 317-232-6201. (Note: be sure to also include a sample or copy of the notice going to the affected individuals)]

When breach affects > 1,000 residents, notify:
*Consumer Reporting Agencies

Contact Information Pursuant to Insurance Data Security Laws (or Pursuant to Other Authority Requiring Notice to Regulator):

IC § 27-2-27-1 through § 27-2-27-32, Insurance Data Security Law. *(Ind. Code § 27-2-27-21 is the notification/reporting section).

Notify:
* Portal for reporting cybersecurity data breach:

The post Data Breach Prep: Indiana appeared first on �ǿմ�ý �ǿմ�ý Title Insurance Co..