BreachExchange mailing list archives
Cybersecurity Bill of Rights may confuse insurers, consumers
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 8 Sep 2015 19:29:42 -0600
http://www.fiercehealthpayer.com/story/cybersecurity-bill-rights-may-confuse-insurers-consumers/2015-09-08 Consumer and industry groups alike have expressed concerns about a "Cybersecurity Bill of Rights" proposed this summer by state insurance commissioners, InsuranceNewsNet reports. The National Association of Insurance Commissioners (NAIC) created the bill of rights to guide insurers' response to data breaches as well as explain how consumers can seek help if they are affected by a breach. The NAIC also is evaluating whether insurers are doing enough to protect customers' sensitive information. Yet the bill of rights' density is likely to discourage individuals from actually reading it, consumer advocates wrote in comments distributed at NAIC's Summer Meeting in Chicago, the article notes. And insurance groups say customers and carriers may misunderstand the document, interpreting some of its provisions as granting consumers protections that exceed what individual state laws require. Furthermore, the bill of rights' critics say insurers' obligations to consumers may actually go beyond what's required by law. Either way, the bill of rights is highly unlikely to become a binding document, as the NAIC lacks legislative or regulatory power, a fact that even one insurance regulator points out. Thus, "it may be that this broad and general Cybersecurity Bill of Rights will have limited utility," says Susanne K. Murphy, special deputy commissioner with the Florida Office of Insurance Regulation. Cybersecurity remains a major area of concern among health insurers, however,especially in the wake of the historic Anthem breach that compromised the data of 80 million customers. In response, the company spent $65 million upgrading security in 2015 and it plans to spend another $65 million on the effort in the future,JD Supra Business Advisor reports. The Blue Cross Blue Shield Association, of which Anthem is a member, alsoannounced in July that it will offer identity protection to all of its 106 million members, though as one cybersecurity expert points out, insurers must do more to prevent attacks from happening in the first place.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Cybersecurity Bill of Rights may confuse insurers, consumers Audrey McNeil (Sep 10)