BreachExchange mailing list archives

Cybersecurity Bill of Rights may confuse insurers, consumers


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 8 Sep 2015 19:29:42 -0600

http://www.fiercehealthpayer.com/story/cybersecurity-bill-rights-may-confuse-insurers-consumers/2015-09-08

Consumer and industry groups alike have expressed concerns about a
"Cybersecurity Bill of Rights" proposed this summer by state insurance
commissioners, InsuranceNewsNet reports.

The National Association of Insurance Commissioners (NAIC) created the bill
of rights to guide insurers' response to data breaches as well as explain
how consumers can seek help if they are affected by a breach. The NAIC also
is evaluating whether insurers are doing enough to protect customers'
sensitive information.

Yet the bill of rights' density is likely to discourage individuals from
actually reading it, consumer advocates wrote in comments distributed at
NAIC's Summer Meeting in Chicago, the article notes.

And insurance groups say customers and carriers may misunderstand the
document, interpreting some of its provisions as granting consumers
protections that exceed what individual state laws require. Furthermore,
the bill of rights' critics say insurers' obligations to consumers may
actually go beyond what's required by law.

Either way, the bill of rights is highly unlikely to become a binding
document, as the NAIC lacks legislative or regulatory power, a fact that
even one insurance regulator points out. Thus, "it may be that this broad
and general Cybersecurity Bill of Rights will have limited utility," says
Susanne K. Murphy, special deputy commissioner with the Florida Office of
Insurance Regulation.

Cybersecurity remains a major area of concern among health insurers,
however, especially in the wake of the historic Anthem breach that
compromised the data of 80 million customers. In response, the company
spent $65 million upgrading security in 2015 and it plans to spend another
$65 million on the effort in the future, JD Supra Business Advisor reports.

The Blue Cross Blue Shield Association, of which Anthem is a member,
also announced in July that it will offer identity protection to all of its
106 million members, though as one cybersecurity expert points out,
insurers must do more to prevent attacks from happening in the first place.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
