JOHN M. HUFF NAIC PRESIDENT DIRECTOR, MISSOURI DEPARTMENT OF INSURANCE JUNE 16, 2016 NAIC CYBERSECURITY INITIATIVES.

Slides:



Advertisements
Similar presentations
Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
Advertisements

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
National implementation of REMIT Henrik Nygaard, Wholesale and transmission (DERA)
Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.
Security, Privacy, and the Protection of Personally Identifiable Information Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.
NAIC Oversight of Corporate Governance Commissioner Susan Donegan Vermont Department of Financial Regulation.
INTERNATIONAL BEST PRACTICES IN ON-SITE INSPECTIONS OF INSURERS Thomas E Power Senior Manager, Emerging Market Practice Bearing Point.
Recent Trends and Insurance Considerations March 2015
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.
Guidance for Managing Third-Party Risk Chicago Region Regulatory Conference Call December 8, 2010.
Corporate Governance and Risk Management Current Practices and Ongoing Developments in the U.S. Commissioner Jim Donelon Louisiana Department of Insurance.
Vendor Risk: Effective Management is Essential
Child Protection Policies Training Prepared by: SUNY Office of General Counsel SUNY Compliance Office 2015.
In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.
2015 ANNUAL TRAINING By: Denise Goff
BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
Enterprise data (decentralized control, data security and privacy) Incident Response: State and Federal Law Rodney Petersen Security Task Force Coordinator.
KLC President and Bowling Green Mayor Elaine Walker KLC First Vice President and Paducah Mayor Bill Paxton.
RESPONSIBLE SHREDDING Bob Johnson CEO, NAID. Compliant and secure disposition.
September 14, David A. Reed Attorney at Law Reed & Jolly, PLLC (703)
State Alliance for e-Health Conference Meeting January 26, 2007.
Supervision of Information Security and Technology Risk Barbara Yelcich, Federal Reserve Bank of New York Presentation to the World Bank September 10,
The Privacy Symposium – Summer 2008 Identity Theft Resource Center Jay Foley, Executive Director Presents: Privacy: Pre- and Post-Breach © Aug 2007.
ICP 20 – U.S. Statutory Financial Reporting
Presented by: John J. Kolhoff, Director Office of Credit Unions NASCUS Board Chair March 25, 2014.
New A.M. Best Cyber Questionnaire
1 PARCC Data Privacy & Security Policy December 2013.
HRPP Policies & Forms Chapter Two Created/Revised for AAHRPP June 1, 2007.
2002 CLRS - Arlington, VA Reserve/Opinion Issues from a Regulatory Perspective Proposed Revision to the NAIC Annual Statement Instructions Richard Marcks,
1 Issues for Consideration in the Solvency Modernization Initiative Ramon Calderon Deputy Commissioner, California Department of Insurance Chair, NAIC.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
Cyber Risk Management Solutions Fall 2015 Thomas Compliance Associates, Inc
Dino Tsibouris & Mehmet Munur Privacy and Information Security Laws and Updates.
CMG Events 2016 Cybersecurity Briefing 24 February 2016 John Magee William Fry.
CONFERENCE IMPLEMENTATION OF MARKETS IN FINANCIAL INSTRUMENTS DIRECTIVE -MiFID- Split, June 2007 OPENING SPEECH Ante Samodol President of the Board.
CYBERSECURITY: RISK AND LIABILITY March 2, 2016 Joshua A. Mooney Co-chair-Cyber Law and Data Protection White and Williams LLP (215)
Cybersecurity is not a new issue! Dr. Edgar Frank Codd, an IBM researcher, wrote a paper that described the fundamental model of the relational databases.
Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.
Key Points for a Privacy Programme for Multinationals Steve Coope.
HOW TO AVOID COMMON DATA BREACH PITFALLS IAPP Privacy Academy 2014.
The Privacy Symposium: Transferring Risk of a Privacy Event Paul Paray & Scott Ernst August 20, 2008.
Cyber Insurance Risk Transfer Alternatives Heather Soronen - Operations Director Rocky Mountain Insurance Information Association.
Insurance Summit 2016 REGULATORY UPDATE. Panel Participants Ray Farmer (Director, South Carolina Department of Insurance) Tim Morris (Hanover Stone Solutions)
Pillar 3. Transparency versus Confidentiality. Information Classification. Law on Access to Information Ted Nickel NAIC President Elect and Commissioner,
General Data Protection Regulation (EU 2016/679)
Presented by: David Reid, DBA International
Cyber Insurance Risk Transfer Alternatives
What Is ISO ISO 27001, titled "Information Security Management - Specification With Guidance for Use", is the replacement for BS It is intended.
Medina District Safety Plan.
Can Cyber Insurance Stand in the Data Breach
OAMIC 137th Annual Convention
Chapter 3: IRS and FTC Data Security Rules
Cybersecurity for the Insurance Sector:
David Axtell Todd Martin Stinson Leonard Street, LLP
Red Flags Rule An Introduction County College of Morris
#IASACFO.
ALTA Best Practices.
Cyber Security: What the Head & Board Need to Know
Upcoming PIPEDA Changes
Data Protection What can I do? GDPR Principles General Data Protection
DFS letter has you asking
Getting the Green Light on the Red Flags Rule
Anatomy of a Common Cyber Attack
Presentation transcript:

JOHN M. HUFF NAIC PRESIDENT DIRECTOR, MISSOURI DEPARTMENT OF INSURANCE JUNE 16, 2016 NAIC CYBERSECURITY INITIATIVES

Guiding Principles for Insurance Cybersecurity Roadmap for Cybersecurity Consumer Protection Cyber Liability Market Data Collection Examination Protocol Updates New Model: Insurance Data Security Model Law Cybersecurity (EX) Task Force

GUIDING PRINCIPLES AND ROADMAP  Guiding Principles for Insurance Cybersecurity  Adopted June 2015  Obligations and expectations on protecting information for insurers, producers, and regulators  Regulatory guidance must be tailored, practical, scalable, flexible, and risk-based  Emphasize importance of planning, training, incident response, audits, vendor monitoring  Roadmap for Cybersecurity Consumer Protection  Adopted December 2015  What consumers can expect all the time from insurers  E.g., What information do they keep about me? What is their privacy policy? How are they protecting my information? Who are they sharing my information with?  What consumers can expect in the event of a breach  E.g., How and when will I be notified? What are they doing to fix the problem? Who can I call for more information? Can I get identify theft protection, credit monitoring, or a credit freeze? Copies of relevant documents?

EXAMINATION PROTOCOL UPDATES AND ANNUAL STATEMENT SUPPLEMENT  Exam Protocol Updates  Reviewed existing guidance  Reviewed data security controls  Financial Condition Examiners Handbook – used for examinations with an effective date of December 31, 2015  Market Regulation Handbook updates – expected in 2017  Cybersecurity and Identity Theft Coverage Supplement  Cyber liability market data collection – began Q  Identity theft insurance  Cybersecurity insurance

INSURANCE DATA SECURITY MODEL LAW Consistent meanings for “Data Breach”, “Personal information”, etc. Proposed Common Definitions Requirements, Board of directors role, 3 rd party service providers Information Security Program Pre-breach, post-breach, investigations, notifications Consumer Rights Commissioner’s power, hearings, witnesses, examination authority Regulator’s Role

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.