Insurance agents and brokers should be thinking about the cybersecurity guidance that the National Association of Insurance Commissioners (NAIC) recommended in April.
Producers, as well as insurance companies, can be held liable for the loss of prospect or client protected health information (PHI) or personally identifiable information (PII), such as an individual’s full name, date of birth, address, and Social Security number.
The new NAIC guidance, The Principles for Effective Cybersecurity: Insurance Regulatory Guidance, calls for state insurance regulators “to ensure that personally identifiable consumer information held by insurers, producers and other regulated entities is protected from cybersecurity risks.”
The guidance encourages insurers, agencies and producers to secure data and maintain security with nationally recognized efforts, such as those embodied in the National Institute of Standards and Technology (NIST) framework.