
Code · Iowa · Chapter 507F — Insurance Data Security

507F.10 Cybersecurity event reinsurers.


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

1. If a cybersecurity event involves nonpublic information used by, or that is in the possession, custody, or control of, a licensee that is acting as an assuming insurer and that does not have a direct contractual relationship with consumers affected by the cybersecurity event, the assuming insurer shall notify each of the assuming insurer’s affected ceding insurers and the commissioner of the assuming insurer’s state of domicile within three business days of determining that a cybersecurity event has occurred.
A ceding insurer that has a direct contractual relationship with a consumer affected by the cybersecurity event shall comply with the applicable provisions of section 715C.2, and all other applicable notification requirements pursuant to federal or state law.
2. If a cybersecurity event involves nonpublic information that is in the possession, custody, or control of a third-party service provider of a licensee that is acting as an assuming insurer, the assuming insurer shall notify each of the assuming insurer’s affected ceding insurers and the commissioner of the assuming insurer’s state of domicile within three business days of the date the assuming insurer receives notice from the assuming insurer’s third-party service provider that a cybersecurity event involving nonpublic information has occurred.
A ceding insurer that has a direct contractual relationship with a consumer affected by the cybersecurity event shall comply with the applicable provisions of section 715C.2, and all other applicable notification requirements pursuant to federal or state law.
3. Notwithstanding any law to the contrary, a licensee acting as an assuming insurer shall have no other notice obligations related to a cybersecurity event or other data breach than the notice requirements pursuant to subsections 1 and 2.
2021 Acts, ch 79, §10, 17