PIA Comments at NAIC Cybersecurity Task Force Interim Meeting

June 1, 2016

On May 24-25, PIA participated in an interim meeting of the National Association of Insurance Commissioners (NAIC) Cybersecurity Task Force, chaired by North Dakota Commissioner Adam Hamm.  The meeting was an opportunity for interested parties who had expressed substantial concerns about the Task Force’s Preliminary Working and Discussion Draft of the Insurance Data Security Model Law, which was first exposed in March and discussed at the NAIC’s National Meeting in New Orleans in April. 

PIA provided comments to the Task Force in writing in advance of the New Orleans meeting, verbally during the New Orleans meeting, and plans to provide comments in writing again later this week.

During the interim meeting last week, the Task Force invited interested parties to provide feedback on each section of the Preliminary Draft, one at a time.  Regulators engaged in a dialogue with interested parties in response to their expressed concerns.  Of particular interest were:
·         the value of uniformity across all states as a goal and the likelihood of this model to achieve that goal
·         the scalability of the requirements the draft imposes on small-business licensees, including insurance agencies
·         the feasibility of meeting the requirements imposed on third-party vendors
·         questions about the notice requirements to commissioners, consumers, and others
·         the enormous discretion provided to commissioners to edit consumer notifications, set forth appropriate consumer remedies in breach cases, and promulgate additional regulations as needed

Following the interim meeting, the Preliminary Draft was again exposed for a 10-day period.  A second exposure is anticipated and is expected to end before the NAIC’s next National Meeting in the latter half of August. PIA intends to comment on the second exposure and remain extremely involved in the NAIC process on this important issue.