Gov. John Carney Jr. signed the Delaware Insurance Data Security Act into law July 31.
The law requires insurance companies to implement information security programs and conduct risk assessments to try to prevent data breaches and compromising of consumers' nonpublic information and personal data.
It also requires insurers to conduct investigations to determine if a cybersecurity event or data breach may have occurred and notify the state's insurance regulator within three business days of discovering them.
Insurers must also notify all affected consumers within 60 days and offer free credit monitoring services to those affected. The insurance commissioner can also investigate potential violations of the new law and take action accordingly.
The law is based on a model act from the National Association of Insurance Commissioners.
The law's enactment comes a little more than a month after the Delaware Department of Insurance said Dominion National Insurance Co. may have compromised the personal data of 95,000 state residents in a security breach that may have occurred as early as Aug. 25, 2010.