The National Association of Insurance Commissioners is looking for public comment on its draft of “Principles for Effective Cybersecurity Insurance Regulatory Guidance.”
According to an NAIC statement, “this document will help state insurance departments identify uniform standards, promote accountability, and provide access to essential information. It also outlines the process for working with the insurance industry to identify risks and offer practical solutions.” The NAIC draft outlines 18 cybersecurity principles that include; state insurance regulators “significant role and responsibility” regarding protecting consumers from cyber security risks, insurers’ efforts to protect sensitive customer health and financial information, the need to protect sensitive information housed in insurance departments and at the NAIC and all sensitive data should be encrypted.