Notification of Breach of System Security Event (Maine Notice of Risk to Personal Data Act)

The Maine Notice of Risk to Personal Data Act, 10 M.R.S. §§ 1346 – 1350-B, requires information brokers and any other person regulated by the Bureau of Insurance and who maintains computerized data that includes personal information to notify the Superintendent following discovery or notification of the breach of the security of its computer system.  Like the notice that consumers must receive, this notice should be given to the Superintendent as expediently as possible and without unreasonable delay. 

Use this form if you are a non-resident licensee of the Bureau of Insurance and you are confident the security breach involves between 1 and 249 Maine residents.  If you do not know how many Maine residents are affected, but you have reason to think that the number is at least 250, you should use the “IDSA Notification of Cybersecurity Event ” form.

We will treat questions with the word confidential highlighted in yellow confidentially. 

If you have questions about the Act, please contact the Bureau at CyberSecurity.BOI@maine.gov or call (800) 300-5000.

*Required - Required fields have an asterisk beside the field name. You will not be able to submit your form until all required fields are completed. When your report has been successfully submitted, you will receive an immediate confirmation. If you do not receive this confirmation, then there is an error.