Hot on the heels of the adoption of the Cybersecurity Bill of Rights by the Cybersecurity (EX) Task Force of the National Association of Insurance Commissioners (NAIC), a further raft of regulatory changes is expected in 2016 so insurers will need to ensure this topic is at the centre of their radar.
The Cybersecurity Bill of Rights is a broad document that lays out insurance consumers’ rights with respect to cybersecurity. These include, for instance, the right to know the types of personal information collected and stored by insurance companies and agents (and businesses with which they contract) as well as rights in the event of identity theft.
However, there is more to come. In 2016, NAIC will continue its efforts to advance cybersecurity in the insurance industry by working on amendments to some of its existing model laws and regulations to impose further requirements on insurance companies with respect to cybersecurity and related issues. In addition, in the coming year a number of state regulators will also impose further regulations and requirements with respect to cybersecurity on insurance companies. For example, the New York Department of Financial Services (NY DFS) is expected to introduce additional cybersecurity regulations for insurers and banks that it regulates.