Persons and business entities subject to regulation by the Bureau of Insurance should be aware of the notification requirements related to cybersecurity events. These requirements are found in two Maine statutes - the Insurance Data Security Act (IDSA) and the Notice of Risk to Personal Data Act (NRPDA). Each law requires notification to the Superintendent and to affected customers under certain circumstances and within certain times. This page contains information about submitting the forms required under these laws. Before submitting the forms on this page, you should read our Bulletin 468, Maine Law Concerning Cybersecurity Events, and our FAQs related to NRPDA. Please contact us at CyberSecurity.BOI@maine.gov with any questions.