Hunton Andrews Kurth writes:
On August 2, 2019, New Hampshire Governor Chris Sununu signed into law SB 194 (the “Bill”), which requires insurers licensed in the state (“licensees”) to put in place data security programs and report cybersecurity events. Although the Bill takes effect January 1, 2020, licensees have one year from the effective date to implement relevant cybersecurity requirements and two years from the effective date to ensure that their third-party vendors also implement appropriate safeguards to protect and secure the information systems and nonpublic information accessible to, or held by, the third-party service providers.
Read more on Privacy & Information Security Law Blog.
A few weeks ago, Delaware signed a similar bill into law.