The National Association of Insurance Commissioners last month issued a “Cybersecurity Bill of Rights” to let consumers know what to expect from insurance companies that collect, maintain, and use personal information.  It sets out six basic data protection “rights” of insurance consumers and is premised on the realization that insurers are custodians of sensitive personal information belonging to their insureds, and have a duty to protect it and take steps to mitigate any harm in the event of a breach.