We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
The cookies that are categorised as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ...
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
TEKRiSQ Overview State Laws Table Our Solutions Contact Us
The table below summarizes key data security, cybersecurity, and privacy laws by US state. Insurance Licensees should pay particular attention to the “DATA SECURITY LAW IN PLACE?” column, which indicates the presence of a state-specific Insurance Data Security Law (often based on the NAIC Model Law). Each state name links to a more detailed TEKRiSQ summary page where available.
US STATE | REGULATOR | DATA SECURITY LAW IN PLACE? |
---|---|---|
Alabama | Alabama Department of Insurance | YES! Insurance Data Security Law (Act 2019-98) This law imposes specific data security requirements on insurance licensees in Alabama. |
Alaska | Alaska Department of Insurance | YES! Senate Bill 134, enacted in 2024, governs insurance data security in Alaska. It’s largely based on the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. |
Arizona | Arizona Department of Insurance | NO. However, please review Arizona’s Data Breach Notification Law (A.R.S. § 18-552) |
Arkansas | Arkansas Insurance Department | YES! Arkansas Code § 23-61-113: This statute governs the disclosure of nonpublic personal information by insurance licensees. |
California | California Department of Insurance | YES! California has several cybersecurity & privacy laws, including CCPA, SB-327 , and CPRA, IIIPAA and older ones |
Colorado | Colorado Division of Insurance | YES! Colorado has several cybersecurity & privacy laws worth reviewing. |
Connecticut | Connecticut Insurance Department | YES! Connecticut has tough cybersecurity, data security and privacy laws worth understanding. Insurance Data Security laws echo NYDFS 500. |
Delaware | Delaware Department of Insurance | YES! Delaware has an Insurance Data Security Act and a tough 2025 DPDPA law, with strong cybersecurity, data security and privacy laws in place. Have a quick review here. |
Florida | Division of Insurance Agent & Agency Services | NO. Florida is not very regulated for SMBs in Data Security, Cybersecurity or Privacy. Review the Florida Information Protection Act (FIPA) and the Florida Cybersecurity Act and amendments in 2022 and 2024. These laws establish a framework for managing cybersecurity across Florida’s public sector., emphasizing incident reporting, risk assessments, and vendor accountability. |
Georgia | Office of Commissioner of Insurance (OCI) | YES! Review our page to understand obligations, including the Georgia Insurance Data Security Law (Rule 120-2-94) |
Hawaii | Hawaii Consumer Affairs-Insurance | YES! Hawaii has some mature consumer protection laws, including an insurance data security law based on NAIC Model Law. Check it out, bra. |
Idaho | Idaho Department of Insurance | YES! Idaho has evolving Laws covering cybersecurity, and has a 2025 Insurance Data Security Act under consideration. Check out what’s afoot in The Gem State. |
Illinois | Illinois Department of Insurance | YES! Illinois has a very well evolved cybersecurity legal framework, including an Insurance Data Security Law. Read on to understand it. |
Indiana | Indiana Department of Insurance | YES! Indiana has a comprehensive set of laws, including an Insurance Data Security Law. |
Iowa | N/A | Information not yet summarized for this state. |
Kansas | Kansas Department of Insurance | Kansas has well defined and established cybersecurity laws, as well as Data Privacy Insurance Regulations for Licensees to comply with. |
Kentucky | N/A | Information not yet summarized for this state. |
Louisiana | Louisiana Department of Insurance | YES! Louisiana has a few tough cybersecurity, data security and privacy laws worth understanding. |
Maine | N/A | Information not yet summarized for this state. |
Maryland | Maryland Insurance Administration (MIA) | YES! State of Maryland Cybersecurity Data Security & Privacy Law is pretty thorough. Make sure you understand your obligations doing business here. |
Massachusetts | N/A | Information not yet summarized for this state. |
Michigan | N/A | Information not yet summarized for this state. |
Minnesota | N/A | Information not yet summarized for this state. |
Mississippi | N/A | Information not yet summarized for this state. |
Missouri | N/A | Information not yet summarized for this state. |
Montana | N/A | Information not yet summarized for this state. |
Nebraska | N/A | Information not yet summarized for this state. |
Nevada | N/A | Information not yet summarized for this state. |
New Hampshire | N/A | Information not yet summarized for this state. |
New Jersey | N/A | Information not yet summarized for this state. |
New Mexico | N/A | Information not yet summarized for this state. |
New York | N/A | Information not yet summarized for this state. |
North Carolina | N/A | Information not yet summarized for this state. |
North Dakota | N/A | Information not yet summarized for this state. |
Ohio | N/A | Information not yet summarized for this state. |
Oklahoma | N/A | Information not yet summarized for this state. |
Oregon | N/A | Information not yet summarized for this state. |
Pennsylvania | N/A | Information not yet summarized for this state. |
Rhode Island | N/A | Information not yet summarized for this state. |
South Carolina | N/A | Yes |
South Dakota | N/A | Information not yet summarized for this state. |
Tennessee | Tennessee Data Security Laws | Yes! Tennessee Information Protection Act (TIPA) – Effective July 1, 2025 mandates data protection assessments (DPAs) for businesses, mandates insurance data security laws for licensees |
Texas | N/A | Information not yet summarized for this state. |
Utah | N/A | Information not yet summarized for this state. |
Vermont | N/A | Information not yet summarized for this state. |
Virginia | N/A | Information not yet summarized for this state. |
Washington | N/A | Information not yet summarized for this state. |
West Virginia | N/A | Information not yet summarized for this state. |
Wisconsin | N/A | Information not yet summarized for this state. |
Wyoming | N/A | Information not yet summarized for this state. |
District of Columbia | N/A | Information not yet summarized for this state. |
Puerto Rico | N/A | Information not yet summarized for this state. |
Guam | N/A | Information not yet summarized for this state. |
U.S. Virgin Islands | N/A | Information not yet summarized for this state. |
American Samoa | N/A | Information not yet summarized for this state. |
Northern Mariana Islands | N/A | Information not yet summarized for this state. |
Understanding and adhering to state-specific data security and privacy laws is critical for all businesses, especially SMBs and regulated entities.
Non-compliance with state laws can lead to significant fines, legal fees, and costly litigation that can severely impact an SMB’s financial stability.
Consumers are increasingly aware of their data privacy rights. Demonstrating robust compliance builds trust and enhances your brand’s reputation.
Compliance often mandates the implementation of strong cybersecurity measures, directly protecting your business from data breaches, ransomware, and other attacks.
Proactive compliance and security measures significantly reduce the likelihood and impact of disruptive security incidents, ensuring your operations continue smoothly.
Being recognized as a secure and compliant business can differentiate you from competitors and attract more clients, especially in sensitive industries.
Implementing well-defined security and privacy practices leads to more organized, efficient, and defensible data handling processes.
TEKRiSQ offers comprehensive cybersecurity, data security, and privacy solutions tailored to help your SMB or licensed entity meet diverse state legal requirements.
Identify vulnerabilities and compliance gaps specific to your operating states.
Implement frameworks for data handling, aligning with various state privacy mandates.
Develop robust plans to meet state-specific data breach notification requirements.
Educate your team on their role in protecting data and complying with state laws.
Ongoing support to continuously monitor and improve your security posture for sustained compliance.
Advanced threat detection and response for your devices, a key component of robust security.
Don’t let complex regulations be a barrier. Partner with TEKRiSQ for expert guidance and practical solutions.
The following is a list of US states and relevant information about cybersecurity, privacy or data security. Insurance Licensees may see the leftmost field, where any US State Data Security Compliance Law is in place. Each page links to a state-specific summary of the data security and compliance obligations of businesses and licensees operating in that state.
US STATE | REGULATOR | DATA SECURITY LAW IN PLACE? |
Alabama | Alabama Department of Insurance | YES! Insurance Data Security Law (Act 2019-98) This law imposes specific data security requirements on insurance licensees in Alabama. |
Alaska | Alaska Department of Insurance | YES! Senate Bill 134, enacted in 2024, governs insurance data security in Alaska. It’s largely based on the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. |
Arizona | Arizona Department of Insurance | NO. However, please review Arizona’s Data Breach Notification Law (A.R.S. § 18-552) |
Arkansas | Arkansas Insurance Department | YES! Arkansas Code § 23-61-113: This statute governs the disclosure of nonpublic personal information by insurance licensees. |
California | California Department of Insurance | YES! California has several cybersecurity & privacy laws, including CCPA, SB-327 , and CPRA, IIIPAA and older ones |
Colorado | Colorado Division of Insurance | YES! Colorado has several cybersecurity & privacy laws worth reviewing. |
Connecticut | Connecticut Insurance Department | YES! Connecticut has tough cybersecurity, data security and privacy laws worth understanding. |
Delaware | Delaware Department of Insurance | YES! Delaware has an Insurance Data Security Act and a tough 2025 DPDPA law, with strong cybersecurity, data security and privacy laws in place. Have a quick review here. |
Florida | Division of Insurance Agent & Agency Services | NO. Florida is not very regulated for SMBs in Data Security, Cybersecurity or Privacy. |
Georgia | Office of Commissioner of Insurance (OCI) | YES! review our page to understand obligations |
Hawaii | ||
Idaho | ||
Illinois | ||
Indiana | ||
Iowa | ||
Kansas | ||
Kentucky | ||
Louisiana | Louisiana Department of Insurance | YES! Louisiana has a few tough cybersecurity, data security and privacy laws worth understanding. |
Maine | ||
Maryland | Maryland Insurance Administration (MIA) | YES! State of Maryland Cybersecurity Data Security & Privacy Law is pretty thorough. Make sure you understand your obligations doing business here. |
Massachusetts | ||
Michigan | ||
Minnesota | ||
Mississippi | ||
Missouri | ||
Montana | ||
Nebraska | ||
Nevada | ||
New Hampshire | ||
New Jersey | ||
New Mexico | ||
New York | ||
North Carolina | ||
North Dakota | ||
Ohio | ||
Oklahoma | ||
Oregon | ||
Pennsylvania | ||
Rhode Island | ||
South Carolina | Yes | |
South Dakota | ||
Tennessee | Tennessee Data Security Laws | Yes! Tennessee Information Protection Act (TIPA) – Effective July 1, 2025 mandates data protection assessments (DPAs) for businesses, mandates insurance data security laws for licensees |
Texas | ||
Utah | ||
Vermont | ||
Virginia | ||
Washington | ||
West Virginia | ||
Wisconsin | ||
Wyoming |