Gov. Kim Reynolds recently signed into law the Iowa Insurance Data Security Act (House File 719), making Iowa one of more than a dozen states to adopt the National Association of Insurance Commissioners' model cybersecurity law, JD Supra reported. Effective Jan. 1, 2022, the act establishes investigation procedures, data security program standards and notification requirements for Iowa Insurance Division-regulated licensees to protect the security and confidentiality of nonpublic information and the security of the licensees' information systems. Licensees with fewer than 20 employees are exempt, as are licensees with less than $5 million in gross annual revenue or less than $10 million in year-end total. Covered licensees must develop, implement and maintain a comprehensive written information security program that considers their size, complexity, the scope of their activities, and the results of a required risk assessment. All insurers domiciled in the state must submit annual reports to the commissioner of insurance by April 15, certifying that the licensee is in compliance.