On September 16, 2015, the Cybersecurity Task Force of the National Association of Insurance Commissioners (NAIC) adopted a cybersecurity “bill of rights” that state regulators could provide to consumers upon NAIC approval. The bill of rights advises policyholders that they have the right to be notified within 60 days of the date of breach and that they are entitled to one year of free credit monitoring paid for by the insurer or the agent implicated by the breach.
The NAIC bill of rights’ disclosures follow the NAIC’s April 2015 adoption of 12 guiding principles for effective cybersecurity and seem to dovetail with renewed GOP focus on a long-stalled cybersecurity bill, the federal Cybersecurity Information Sharing Act (CISA) – intended to enhance the exchange of cyber threat data between business and the government. Though CISA had been stalled for months over privacy concerns, GOP leaders are expected to turn their attention to the bill to it this week.
Also in insurance regulatory news, the International Association of Insurance Supervisors (IAIS), tasked with continued development and implementation of international capital standards to apply to internationally active insurance groups, has reported the completion of the development of the Higher Loss Absorbency (HLA) requirement, a capital standard potentially applicable to Global Systemically Important Insurers (G-SIIs), that will apply in addition to the basic capital requirement. The HLA is designed to address the G-SIIs’ systemic importance in the international system standards.
Both cybersecurity regulation and the establishment of international capital standards are critical to the continued development of a global economy.