Insurance Groups Oppose Latest Insurance Data Security Model Draft
August 30, 2016 by Thomas Harman
SAN DIEGO – Insurance industry officials panned the latest draft of a National Association of Insurance Commissioners’ insurance data security model law, with some vowing to oppose it should it ultimately be offered as state legislation.
Various industry representatives voiced their opinions to the NAIC cybersecurity task force during the NAIC Summer National Meeting. Panel Chairman Adam Hamm, North Dakota insurance commissioner and an NAIC past-president, said a Sept. 16 written comment deadline has been set and said a conference call to discuss comments would follow.
Hamm has said he wants to have the document approved sometime before the NAIC Fall National Meeting in Miami this December. Doing so would allow state lawmakers to begin using it to write model legislation before the 2017 session and would allow states to ask Congress to carve out insurance provisions in any data-breach cybersecurity legislation to come (Best’s News Service, June 24, 2016).
But insurance industry groups responding to the second attempt at the model opposed it just as they did an initial draft offered earlier this year.
Roberta Meyer, vice president and associate general counsel at the American Council of Life Insurers, said despite some changes in the first draft, fundamental concerns remain, including the need to create data breach uniformity among states, 47 of which have passed their own laws in that area. “It is our view that unless the model provides for exclusive standards within individual states and uniform standards for security in a breach notification to be consistently enforced, and to provide uniform or level consumer protection from state to state, then respectfully we would submit that we do not see a need to pursue the model,” she said.
Robert Woody, vice president of policy at the Property Casualty Insurers Association of America, said while the second draft improved on the original, problems remain. He said uniformity to avoid having companies deal with a patchwork of state laws remains the goal. “If we don’t achieve that with this draft, then we’re not really sure what the point of it is,” he said.
Woody said the new draft lacks a harm threshold that would trigger breach notices. “We don’t consider that to be consumer friendly because you end up bombarding consumers with a lot of notices about things that don’t really harm them,” he said. PCI members have told its officers the latest draft still contains a too-broad definition of personal information, which Woody said includes “a lot of things that are not very sensitive.”
Wes Bissett, senior counsel, government affairs for the Independent Insurance Agents & Brokers of America, said the Big I was “incredibly concerned” about the latest draft. Problems pertain to the new third-party service provider provisions and the expanded definition of personal information. Bissett said even if such a document had industry support, it would be a hard sell to state legislatures. “It’s not a slam dunk,” he said. “With this model, what we would be asking state legislatures to do is to alter the existing data security breach statutes that are in place in just about every state and set new rules in place just for one industry — for us — that would be different than any other type of business out there and I suspect that some legislatures would view that with skepticism.”
“We would be opposing legislation of this nature or something similar to it in state capitols in 2017 and beyond,” he said. “The most recent draft that was released last week continues to have some of the fundamental problems that we have identified in the past.”
Bissett said the Big I would continue working with regulators on the draft, but urged regulators on the task force to meet with domestic insurance industry representatives, along with agents and brokers, to discuss the impact it might have.
Karalee Morell, vice president and assistant general counsel at the Reinsurance Association of America, told Best’s News Service the current draft still has of concern. “You wouldn’t want speed to inhibit the completion of a law that actually makes sense and is workable and would benefit industry as well as consumers,” she said.
(By Thomas Harman, Washington Bureau manager, BestWeek: Tom.Harman@ambest.com)
BN-NJ-8-29-2016 1628 ET #
