Changes in the Privacy and Network Security Landscape
New laws are on the horizon for managing data security breaches. A recently proposed law, in fact, seeks to protect the consumer by notifying them when their information has been compromised and to reduce the occurrence of these breaches altogether. As this issue is increasingly problematic, employing the proper Privacy and Network Security Programs can help to alleviate the risk.
While 47 states and the District of Columbia each have their own definition of what a data breach is and how these events are triggered and managed, the new law aims to expedite the notification process. H.R. 1770 would require the notification to consumers whose “personal information” security has been compromised. Several of the same data fields that are typically covered by existing state laws such as social security numbers, financial account numbers, cred/debit card numbers, and names and passwords associated with these accounts are included in this law, according to Inside Counsel. However, information that is not typically covered is being included in the proposed law such as biometric data and unique account identifiers, as well.
The bill also states that data that is rendered “unusable, unreadable, or indecipherable through data security technology or methodology that is generally accepted by experts in the field of information security” would not be included in the notification process to its consumers. In other words, any company that is a victim of a security breach is responsible for notifying its affected consumers in a timely manner, unless there isn’t a reasonable risk.
What’s more, any company whose breached information exceeds 10,000 must notify the Federal Trade Commission and Secret Service or FBI, as reported by Inside Counsel. In addition, the Fair Credit Reporting Act would also need to be notified in order to ensure proper credit monitoring for its affected consumers.
Another proposed law is the Cybersecurity Information Sharing Act of 2015, or CISA. This component would allow for private entities to provide information about threatening indicators to the government in order to prevent future breaches.
This bill, which is high priority with Congress, is said to be emplaced within a year if it approved. As millions of cyber-attacks occur each year, this law is a step to mitigate these immense losses. In addition to bringing you the latest news from the insurance industry, PL Risk provides Resources for Agents and Brokers nationwide. We’ve recently implemented Hiscox Now, which allows agents their own access to Hiscox and instant quoting. To learn more, contact us today at (855) 403-5982.