On December 17, 2015, members of the National Association of Insurance Commissioners Executive Committee approved a revised version of its Cybersecurity Bill of Rights that includes a name change and the addition of an introductory paragraph.
The Task Force changed the name of the document to “NAIC Roadmap for Cybersecurity Consumer Protections,” but the new introductory paragraph states that the document “functions as a Consumer Bill of Rights.” The document is still intended to serve as an impetus for drafting a model cybersecurity law.
This new “Roadmap” does not bind states to act on the document, nor does it bind states to a position that everything in the document should be in the model law.
Notwithstanding these revisions, certain industry participants continue to believe that since no other changes have been made the document still goes beyond being aspirational and could mislead consumers about their legal rights. Further, the new document does not address the comments of certain regulated entities that parts of the Bill of Rights were inconsistent with existing state laws.