DE| The reissued Delaware Universally Applicable Bulletin No. 5 reminds all insurance licensees doing business in Delaware of their obligations under the Delaware Insurance Data Security Act, including maintaining an information security program, conducting risk assessments and incident investigations, promptly notifying the Department and impacted consumers of cybersecurity events, and submitting an annual certification of compliance (with affidavit) by February 15 each year, using the Department’s dedicated data security email address; it also clarifies who is a “licensee,” notes certain exemptions (e.g., very small entities and HIPAA-covered entities with compliant security programs), supersedes prior Bulletin No. 3 on data breaches, and emphasizes the Commissioner’s authority to investigate and enforce compliance under 18 Del.C. Chapter 86.