Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor

Life Health > Health Insurance > Your Practice

NAIC sets cybersecurity regulatory principles

By Allison Bell

X
Your article was successfully shared with the contacts you provided.

State insurance regulators have developed a set of 12 principles that could shape their efforts to promote data security.

The National Association of Insurance Commissioners (NAIC) recently posted a copy of the document on its website.

The NAIC’s Cybersecurity Task Force exposed a draft of the document in March, a few weeks after Anthem Inc. (NYSE:ANTM) reported suffering an attack that could have affected the security of records on about 79 million people.

Commenters who reviewed the draft suggested that some proposed principles were too specific, and that others suggested that state regulators would try to play a role beyond their capabilities.

In the March draft, for example, the principles called for insurers to join the Financial Services Information Sharing and Analysis Center (FSISAC) and declared that, “Insurance regulators have a significant role and responsibility regarding the insurer’s efforts to protect sensitive customer health and financial information.”

In the final version, the NAIC says that, “State insurance regulators have a responsibility to ensure” personally identifiable information held by insurers, producers and other regulated entities be protected.

State insurance regulators should “collaborate with insurers, insurance producers and the federal government to achieve a consistent, coordinated approach,” the NAIC says.

In the provision about information-sharing, the NAIC now says insurers and insurance producers should use an information-sharing and analysis organization to keep up-to-date on data security matters, but it does not say which organization insurers should join.

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.