Privacy Protection (H) Working Group Update

Article reading time: 1 minute 30 seconds

Hot Take:

Hot Take

JLK Rosenberger is carrying on our holiday tradition of taking a new perspective on a holiday classic – the Twelve Days of Christmas. Rather than filling your head with turtle doves and gold rings, we are focusing on the latest changes to SSAP and how they will impact your insurance entity in 2023 and beyond.

In today’s installment, we summarize The Privacy Protection (H) Working Group’s latest meeting held in Orlando, Florida. While the Federal Government is slow in enacting a comprehensive data privacy policy that adapts to the evolving technology landscape, states are forging ahead with their own versions of data protection legislation.

Full Article

The Privacy Protections (H) Working Group session at the NAIC Fall Meeting held in December 2023 offers exciting news and updates. Jennifer Neuerburg and Shana Oppenheim provided updates on the state and federal legislative activities, respectively. Neuerburg summarized that in the absence of a federal law on privacy legislation relating to insurance practices, many states have enacted data privacy laws or are about to tackle this critical issue. Thirteen states have comprehensive data protection laws. Oppenheim reported that Chairman Patrick McHenry, head of the financial committee, is working on the Gramm-Leach-Bliley Law, which is expected to be evaluated shortly.

Eric Ellsworth, a data scientist from Consumers’ Checkbook, provided an educational and informative update on the consumers’ increasing concerns about data privacy, costs of data breaches, and risks in legacy systems. Central to the consumers’ heightened concerns included the lack of authority, accountability, and skills to protect their data. Ellsworth gave some staggering numbers relating to the cost of a breach:

  • The average ransomware attack cost is $4.65 million, with some incidents costing insurers as much as $40 million.
  • The average time to resume normal operations is 22 days.
  • Additional cost to brand and reputation

Ellsworth predicted over 50% of the large insurance carriers are three times at risk of experiencing a data breach incident. Unfortunately, audio technical difficulties precluded Mr. Ellsworth from addressing the risks of data breaches of legacy systems. Judging from his presentation and the audience, the issues surrounding data privacy protection are a hot topic and have the attention of the NAIC.

The presentation highlighted the rise in cost and impact of cyber incidents are forcing many organizations to evaluate their current cybersecurity insurance coverage. However, having insurance alone does not exempt organizations from the pains of a cyber incident. A comprehensive cyber safety and readiness plan is not only prudent, but effectively essential for insurance companies.