Employees of PIA member agencies may log on below:


Ask PIA is a members-only searchable database featuring hundreds of
member questions answered by our highly-qualified technical specialists

If you have not registered for members-only sevices from PIA click here.


Browse by topic



Cyber security regulation—risk assessment
Is there a specific qualification for the risk assessor? In other words, can the owner/principal of the agency or an agency employee perform the......


Cyber security regulation—no agency management system
Am I required to comply with the cyber security regulation if my agency does not have an agency management system? The policies I write for......


Cyber security regulation—who is subject?
Who is subject to the cyber security regulation?...


Cyber security regulation—limited exemption
What is the limited exemption?...


Cyber security regulation—compliance with limited exemption
If I qualify for the limited exemption, what do I need to do?...


Cyber security regulation—where to start
To comply with the cyber security regulation, where should I start?...


Cyber security regulation—noncompliance penalty
What would the penalty be if an insurance agent or broker did not comply with the New York cyber security regulation?...


Cyber security regulation—notices 
How should a covered entity submit cyber security event notices, compliance certifications and exemption notices to the department?...


Cyber security regulation—covered entity
Can an entity be both a covered entity and a third-party service provider under New York’s 23 NYCRR Part 500 cyber security regulation?...


Cyber security regulation—multi-factor authentication
Are all third-party service providers required to implement multi-factor authentication and encryption when dealing with a covered entity?...


Cyber security regulation—shell corporations
I have a partner who also has an independent insurance agency. We created an insurance-licensed entity for company appointment purposes, as well......


Cyber security regulation—third-party service providers
What are “third-party service providers”?...


Cyber security regulation—definitions
What is a “cyber security event”? What is “nonpublic information”?...


Cyber security regulation—reportable events
When is an unsuccessful cyber security attack a reportable event?...


Cyber security regulation—encryption
Do the New York cyber security regulations require me to encrypt my email and policyholder data?...


Cyber security regulation—submitting limited exemption
What are the steps to submit my New York cyber security limited exemption online? What if I need to amend an exemption or no longer qualify for......


Cyber security regulation—limited exemption form required for employees?
Do my licensed employees, agents and representatives need to submit their own individual “Notice of Exemption” forms?...


Cyber security regulation—what am I exempt from?
I filed the exemption, but I can’t find anywhere what we are exempted from. What is the point of filing the exemption notice when doing......


Cyber security regulation—retired licensee
I’m retired and no longer using my insurance license. I don’t use a computer or information system, nor do I retain any......


If I am a 1099 independent contractor, do I need to comply with New York’s cyber security regulation?
If I am a 1099 independent contractor, do I need to comply with New York’s cyber security regulation?...


Notification of data breach
I think that my computer information system was breached by a hacker. Am I required to notify my clients?...


Cyber security regulation—inactive licensee
I’m licensed but do not actively use my license. What do I need to do? Am I exempt?...


General Data Protection Regulation compliance
I have heard that the European Union just passed a cybersecurity regulation. Does it impact producers in the U.S.? If so, how do we comply with it?...