ODI Issues Guidance for Mandatory Reporting of Insurance-Related Data Breaches

Ohio became the third state to enact insurance-specific legislation pertaining to data security on March 20. While most of the bill’s requirements have staggered implementation dates, there is a portion that took effect in March.

If you believe your agency may have had a cybersecurity event occur that involved nonpublic information either in your system or in a system maintained by a third-party vendor, you are now required to take certain steps to address it.

The Ohio Department of Insurance (ODI) recently released several items to provide guidance to insurance agents and companies if a breach is thought to have occurred.


Under Senate Bill 273, all agencies, regardless of size, are now required to comply with requirements to conduct a prompt investigation should they learn that a cybersecurity event that involves nonpublic information has or may have occurred either in their system or that of a third party vendor.

"Nonpublic information" means information that is not publicly available information and is one of the following:

(1) Business-related information of a licensee the tampering with, unauthorized disclosure of, access to, or use of which, would cause a material adverse impact to the business, operation, or security of the licensee;

(2) Information concerning a consumer that because of the name, number, personal mark, or other identifier contained in the information can be used to identify that consumer in combination with any one or more of the following data elements:

  • Social Security number;

  • Driver's license, commercial driver's license, or state identification card number;

  • Account, credit card, or debit card number;

  • Any security code, access code, or password that would permit access to the consumer's financial account;

  • Biometric records.

(3) Any information or data, except age or gender, that is in any form or medium created by or derived from a health care provider or a consumer, that can be used to identify a particular consumer, and that relates to any of the following:

  • The past, present, or future physical, mental, or behavioral health or condition of the consumer or a member of the consumer's family; 

  • The provision of health care to the consumer;

  • Payment for the provision of health care to the consumer.

In addition, in certain instances, notification of a breach may be required to ODI within three business days. In the case of an agent discovering a cybersecurity event in a system maintained by a third-party service provider, any notification deadline would begin on the day after the third-party service provider notifies the agent of the cybersecurity event or the agent otherwise has actual knowledge of the cybersecurity event, whichever is sooner.

Where to find guidance

Several resources to help agencies comply with this requirement have been added to the newly-created Information Security Resource Center on ODI’s website. The resources that can be found to assist agents and companies include:

Please contact OIA and your cyber insurance carrier immediately if you think you may have had a cybersecurity event, so that we can help you understand any obligations you may have to report the event to ODI or to consumers.

Other Requirements of Ohio’s New Insurance-Specific Cybersecurity Law

OIA was able to make several improvements to Ohio’s cyber bill for agents, beyond what exists in the national model legislation and cyber bills that have passed in other states.

Notably, the majority of Ohio agencies will have a large burden alleviated as they will be exempt from a requirement to develop a comprehensive written cyber plan and exercise due diligence in selecting third-party service providers.

This is a big win, as the national model legislation sets the exemption at agencies with fewer than ten employees, including independent contractors.

Additionally, Ohio’s cyber law has language added that states that the superintendent of insurance shall consider the nature, scale and complexity of licensees (i.e. insurers and agencies) in administering the cyber law and adopting any rules necessary to implement the law.

This means consideration will be given to the ability of agencies to comply with the complexity of the law, and that any further rules developed should be “right-sized.”


Agencies are exempt from the requirement to develop and maintain a comprehensive written cybersecurity plan and exercise due diligence requirements over third-party service providers if they meet any of the following criteria:

(1) Have fewer than twenty employees.
(2) Have less than five million dollars in gross annual revenue.
(3) Have less than ten million dollars in assets, measured at the end of the agency’s fiscal year.

Agencies not exempt from these requirements have plenty of time to get ready to comply, as the requirements for a written cybersecurity plan are delayed for one year following the effective date of the bill (March 20, 2020), and the due diligence requirements for third- party service providers have a two-year delay (March 20, 2021).


At this time, there is nothing you need to do (that is unless you think you may have had a data breach). Stay tuned -- OIA will continue to keep you informed on these new cyber requirements as more information becomes available to help comply with the various provisions of the bill.


Big ‘I’ Cyber Resources


We can help! Click below to learn more about OIA's cyber coverage options!


Parents Prepare Your Teens for Safe Driving, Conduct an Insurance Review

COLUMBUS If you are a parent of a teenage driver, your child's safety is your first concern. Though you cannot always be by their side, you can take steps to help keep them safe behind the wheel. Educating yourself and your teen driver about the risks of unsafe driving can save lives and money.

“Reminding young drivers about the dangers of distracted driving is so important,” Governor Mike DeWine said. “Having rules limiting the number of passengers in the car and reminding teens to keep their eyes on the road and hands on the wheel are other easy ways to help increase the safety of young drivers.”

“Today’s world presents many distractions while driving and we must talk to teens about the dangers and consequences of unsafe and distracted driving,” Ohio Department of Insurance Director Jillian Froment said. “I urge parents to establish rules that will help keep their teen drivers and those around them safe while on the road.”

Froment encourages parents and their teens to create a teen driver contract using the online template at www.insureuonline.org/teen_driver_certificate.htm. A contract can help teen drivers avoid common mistakes and increased insurance rates, while defining the consequences associated with driving privileges.

Froment said there are actionable steps parents can take to keep their teen drivers safe and to save money on insurance coverage. She shared the following insights:

Set Expectations

  • Research suggests parents who set rules cut accident risk in half.
  • Set a driving curfew. More than 40 percent of teen auto deaths occur between the hours of 9 p.m. and 6 a.m.
  • The relative risk of a fatal crash increases as the number of passengers increases.
  • Texting or talking on a cell phone can double the likelihood of an accident.

Keep Costs Down

  • Conduct an insurance review with an agent to determine options for insuring your teen driver. Adding a teen driver to your auto insurance policy can be costly.
  • The type of vehicle a teen driver uses as well as driving violations can impact the cost of insurance.
  • Many companies grant discounts to drivers whose records have been clean for three or more years.
  • Some companies offer discounts if your teen completes a defensive driving course and upholds a good grade-point average.
  • Ask your insurance company about an “accident forgiveness” clause that guarantees premiums will not increase after one minor accident.
  • Install a smartphone application that limits or prevents texting and driving.

Ohioans with insurance questions can call the Ohio Department of Insurance consumer hotline at 1-800-686-1526 and visit insurance.ohio.gov for insurance information.

This article was written and published by the Ohio Department of Insurance.

Data Shows Great News for Ohio’s Home and Auto Insurance Rates

The Ohio Department of Insurance recently released data showing estimated rate changes for the top 10 homeowners and auto insurers in 2018. The data shows that Ohio continues its trend of having some of the best rates in country, with homeowners rates continuing to remain stable and auto rates continuing to increase, but only slightly. 

Homeowners Rates Continue to Remain Stable 

Recently released data from the Ohio Department of Insurance shows that estimated rate changes among the top 10 homeowners insurers for 2018 ranged from -3.4 percent to 5.2 percent. When averaged, the overall rate changes were negligible as they averaged zero percent.

Of the ten insurers that make up close to 75 percent of the market in Ohio, two insurers decreased rates, one kept rates flat, and seven increased rates. Of the insurers that increased rates, five took larger rate increases in 2018 than in 2017, with the exception of Nationwide and Grange Insurance.

The largest rate reduction was a 3.4 percent decrease by State Farm.  The largest increase of all 10 insurers was a 5.2 percent increase by Cincinnati Insurance Company.

Ohio continues to boast the ninth lowest homeowner's rates in the country, with an average annual premium of $850.

Auto Rates Continue to Increase, But Only slightly

It is estimated that the ten largest auto insurers increased their rates an average of 0.5 percent in 2018 – a lower average increase than the average rate change of 3.9 percent in 2017.

Rate changes in 2018 ranged from a rate reduction of 4.8 percent by State Farm to an increase by Nationwide of 9 percent. Of the 10 insurers that make up 77.5 percent of the market in Ohio, two insurers decreased rates, two kept rates flat, and six increased rates. Notably, only four of the 10 auto insurers took bigger rate increases in 2018 than they did in 2017.

Ohio’s auto insurance premiums average $727, which is the 14th lowest in the country.

Bottom line 

Ohio’s combined average premiums for home and auto are $551 below the national averages.

Remind your clients that Ohio has a long history of enjoying some of the best rates in the country and continues to do so as a result of our competitive insurance marketplace which only exists because of our stable regulatory, legislative and judicial environments.

Also see:  Insurers put brakes on rising auto rates in Ohio last year

                 Distracted Driving is Enemy No. 1 for Stable Personal Auto Rates


Indianapolis – Julie Hawkins, Emily Marker, and Sonyia Townsend have been promoted to Vice Presidents at Arlington/Roe according to James A. Roe, president and CEO of the company, an independent family owned managing general agency and wholesale insurance broker. Hawkins, Marker and Townsend joined the company in 2013, 2015 and 2008, respectively.

Julie Hawkins was named Vice President, Casualty Practice Leader.

She began her Arlington/Roe career in 2013 as a senior broker. Her prior experience includes work for insurance companies as a multiline broker, reinsurance broker and commercial underwriter. She has also worked for large brokerage firms.

Emily Marker, INS, AINS, was named Vice President, Property Practice Leader.

She most recently served as a property broker after joining the Arlington/Roe brokerage team in 2015. She has been in the insurance industry since 2001, gathering experience at an insurance company as well as at a large wholesale broker, with a focus on property and inland marine. Emily holds designations in General Insurance (INS) and Associate in General Insurance (AINS).

Sonyia Townsend was named Vice President Professional Liability, Practice Leader.

She joined Arlington/Roe in 2008. Before moving to Indianapolis, she worked for recreational vehicle manufacturers in warranty and human resource departments. Sonyia has a degree from Lipscomb University and is working toward her Registered Professional Liability Underwriter (RPLU) designation.

About Arlington/Roe 

Arlington/Roe is a family-owned managing general agency and wholesale insurance brokerage headquartered in Indianapolis, Indiana with offices also in Ohio, Michigan, Illinois, Kentucky, Tennessee, Missouri, Minnesota and Wisconsin. Arlington/Roe was founded in 1964. Arlington/Roe’s specialty departments include Aviation, Bonds, Farm, Personal Lines, Commercial Lines (Underwriting and Brokerage), Transportation and Garage, Professional Liability, Workers’ Compensation and Healthcare & Human Services. The company writes in excess of $220 million in annual premium. 

IACON19 Wrap-Up

Thank you to everyone that joined us for IACON19 last week!

We hope you all had an amazing time and that you were able to go back to your agency and implement the tools and tactics that you learned! Check out the video above for a quick wrap up on IACON19, and stay tuned for next year! 

Did you miss out on IACON19? Click below for the details on what you missed...

 Learn more

 <  1 2 3 4 5 6 7 8 9 10  >