As Cybersecurity Concerns Intensify, the Insurance Industry and Regulators Respond
Over the past several years, the insurance industry has struggled with how best to safeguard consumer data. Two new pronouncements – one by the National Association of Insurance Commissioners (NAIC) and one by the Delaware Department of Insurance – show that regulators are poised to push out new requirements, particularly reporting requirements, for insurance organizations.
On Oct. 24, the NAIC adopted the Insurance Data Security Model Law. Modeled after the New York Department of Financial Services cybersecurity regulations that took effect earlier this year, the new NAIC guidelines create rules for insurers, agents and other licensed entities concerning risk assessment, investigation and notifications following a security breach. The new NAIC model law does not include all the particular requirements of the NY-DFS regulation; however, it does create a requirement for reinsurers to provide notice to insurers of cybersecurity events, an issue that was not in the NY-DFS regulation.
The Delaware Department of Insurance has similarly requested additional reporting from organizations that fall within its regulations. Specifically, the Department requests that, as a courtesy, an organization notify it within 24 hours of any suspected unauthorized data release, whether or not the release was inadvertent. This is a different and arguably shorter period than is specified by Delaware’s data breach notification law, which requires that a business notify individuals “as soon as possible following a prompt investigation.” A copy of the Department’s Sept. 22 bulletin outlining its request can be found here.
The Department also requests that companies that mail information to their consumers use closed-faced envelopes to prevent the inadvertent disclosure of confidential consumer information through the use of windowed envelopes.
While notifying the Department of a breach is not required, the Department states that being informed of data breaches or other disclosures of confidential consumer information will enable it to provide more accurate responses to inquiries from consumers and other insurance industry stakeholders. Notification can be made by emailing frank.pyle@state.de.us or calling 302-674-7353.
Given these changes, it is important that insurers remain aware of their reporting obligations for consumer data. We anticipate that additional departments of insurance will be adopting more stringent reporting requirements in the near future.
People News
Steve Johnson Named AIRROC 2017 Person of the Year
Steve Johnson was recently named the 2017 Person of the Year by the Association of Insurance and Reinsurance Runoff Companies’ at the 13th Annual Commutations and Networking Forum in New Brunswick, New Jersey. Steve was recognized as an international thought leader in the insurance and reinsurance runoff business. In presenting the award, AIRROC’s board member Katherine Barker acknowledged Steve’s credentials and significant experience. “This year’s award winner – as described by their nominator – is someone known for his abilities to balance market and administrative solutions that resulted in more efficient mechanisms to wind down estates to the benefit of policyholders and taxpayers,” said Barker.
Stradley Ronon Listed in U.S. News – Best Lawyers “Best Law Firms”
Stradley Ronon’s insurance practice was honored in the latest edition of U.S. News – Best Lawyers “Best Law Firms” list, securing a tier 1 listing in the Philadelphia region. The group was also recognized in the national insurance law listings.
Stradley Ronon Attorneys Named to 2018 Best Lawyers in America List
Twenty-five Stradley Ronon attorneys were named to the recently released 2018 edition of The Best Lawyers in America. Three attorneys from Stradley Ronon’s Insurance Group were included on the list:
Steve Davis Moderates Panel at Property Casualty Insurers’ Northeast General Counsel Seminar
Steve Davis moderated a panel entitled, “Insurance Department General Counsel Discussion,” at the American Property Casualty Insurance Association’s Northeast General Counsel Seminar in Philadelphia. The discussion included insights and practical advice on various regulatory hot topics from Amanda Baird, General Counsel of the Ohio Department of Insurance; Amy Daubert, Chief Counsel of the Pennsylvania Insurance Department; and Gale Simon, Commissioner of Enforcement and Consumer Protection at the New Jersey Department of Banking and Insurance.
Jana Landon Presents at Four Conferences
Jana Landon served as panelist at the Association of Insurance Compliance Professionals 2017 Annual Conference in Seattle. Jana’s panel, “Cyber Security – What You Don’t Know CAN Hurt You,” discussed protection of customer data, company requirements for protecting data, unique insurer vulnerabilities and new regulatory requirements. She served as a panelist at the Pennsylvania Bar Institute’s 22nd Annual Bankruptcy Institute in Philadelphia. Her panel, “Cybersecurity,” discussed the latest challenges facing law firms and their clients, practical low or no-tech ways to up your cybersecurity readiness, and privacy and cybersecurity considerations when handling bankruptcy matters. Jana also presented a safety briefing, focusing on data privacy and security when traveling at the Women’s International Network of Utility Professionals Conference in Philadelphia. Jana served as was a discussion facilitator at The Sedona Conference Working Group on Data Security and Privacy Liability Midyear Meeting in San Diego. Jana’s panel, “Law Firm Data Security,” focused on issues relating to data questionnaires directed to law firms and reasonable practices for protecting client data. The meeting provided an opportunity for working group members to provide commentary on matters including data security and privacy issues in civil litigation, law firm data security, privilege in the data security litigation context, reasonable or unreasonable data security measures, and legal issues in cloud computing.
Karl Myers Records ABA Podcast on Technology in Appellate Practice
Karl Myers recorded a podcast for the American Bar Association, titled, “Optimizing Technology for Appellate Practice.” The show included practical advice for practitioners on how to use technology to achieve efficiencies in preparing appellate briefs and appendices.
Upcoming Events
Steve Johnson will be presenting “Corporate Governance – The Basics,” the first webinar in PAMIC’s series on Corporate Governance Annual Disclosure, with Lisa Cosentino, Partner at Marcum, LLP, on Dec. 13 at 2 p.m.
Information contained in this publication should not be construed as legal advice or opinion or as a substitute for the advice of counsel. The articles by these authors may have first appeared in other publications. The content provided is for educational and informational purposes for the use of clients and others who may be interested in the subject matter. We recommend that readers seek specific advice from counsel about particular matters of interest.
Copyright © 2017 Stradley Ronon Stevens & Young, LLP. All rights reserved.