NAIC Adopts Cybersecurity Bill of Rights

October 20, 2015

The National Association of Insurance Commissioners’ (NAIC) Cybersecurity (EX) Task Force adopted the Cybersecurity Bill of Rights, a project aimed at bolstering consumer protection and providing policyholders information on what to expect if their personal information is compromised.

“Consumers have a right to expect their personal, financial and health information entrusted to the insurance industry is secure,” said Adam Hamm, North Dakota insurance commissioner and NAIC Cybersecurity Task Force chair. “They also deserve to know when a breach occurs so they can safeguard themselves against identity theft or other types of fraud. This Bill of Rights is designed to assist consumers when sensitive information is breached.”

According to the NAIC, the Cybersecurity Bill of Rights is intended to help update model laws considered by the Cybersecurity (EX) Task Force, including: Insurance Information and Privacy Protection Model ActPrivacy of Consumer Financial Health and Information RegulationStandards for Safeguarding Consumer Information Model Regulation and Insurance Fraud Prevention Model Act.

The Cybersecurity Bill of Rights will be made available for state insurance departments to publish for local consumers. These rights may vary, depending on state law.

“Cybersecurity is one of the biggest challenges facing businesses today and this is one of our association's key priorities,” said Monica J. Lindeen, NAIC president and Montana insurance commissioner. “Our commitment to strengthening the NAIC's technical and information services infrastructure and our security environment is demonstrated in our current budget, as well as strategic planning for the next few years.”

Earlier this year, the NAIC created a Security Breach Response Headquarters to help consumers in the wake of a cybersecurity breach as part of the response to large cyber data breaches.

The NAIC also has published a Principles for Effective Cybersecurity: Insurance Regulatory Guidance.

October is National Cybersecurity Awareness Month. This is a great time to review how your company protects non-public personal information. To help you with this, ALTA will host a free webinar on data security essentials from 2:00-3:00 p.m. EDT on Wednesday, Oct. 28. Click here to register.


Contact ALTA at 202-296-3671 or communications@alta.org.