Presentation is loading. Please wait.

Presentation is loading. Please wait.

JOHN M. HUFF NAIC PRESIDENT DIRECTOR, MISSOURI DEPARTMENT OF INSURANCE JUNE 16, 2016 NAIC CYBERSECURITY INITIATIVES.

Published byMiranda McKinney Modified over 8 years ago

Similar presentations

Presentation on theme: "JOHN M. HUFF NAIC PRESIDENT DIRECTOR, MISSOURI DEPARTMENT OF INSURANCE JUNE 16, 2016 NAIC CYBERSECURITY INITIATIVES."— Presentation transcript:

1 JOHN M. HUFF NAIC PRESIDENT DIRECTOR, MISSOURI DEPARTMENT OF INSURANCE JUNE 16, 2016 NAIC CYBERSECURITY INITIATIVES

2 Guiding Principles for Insurance Cybersecurity Roadmap for Cybersecurity Consumer Protection Cyber Liability Market Data Collection Examination Protocol Updates New Model: Insurance Data Security Model Law Cybersecurity (EX) Task Force

3 GUIDING PRINCIPLES AND ROADMAP  Guiding Principles for Insurance Cybersecurity  Adopted June 2015  Obligations and expectations on protecting information for insurers, producers, and regulators  Regulatory guidance must be tailored, practical, scalable, flexible, and risk-based  Emphasize importance of planning, training, incident response, audits, vendor monitoring  Roadmap for Cybersecurity Consumer Protection  Adopted December 2015  What consumers can expect all the time from insurers  E.g., What information do they keep about me? What is their privacy policy? How are they protecting my information? Who are they sharing my information with?  What consumers can expect in the event of a breach  E.g., How and when will I be notified? What are they doing to fix the problem? Who can I call for more information? Can I get identify theft protection, credit monitoring, or a credit freeze? Copies of relevant documents?

4 EXAMINATION PROTOCOL UPDATES AND ANNUAL STATEMENT SUPPLEMENT  Exam Protocol Updates  Reviewed existing guidance  Reviewed data security controls  Financial Condition Examiners Handbook – used for examinations with an effective date of December 31, 2015  Market Regulation Handbook updates – expected in 2017  Cybersecurity and Identity Theft Coverage Supplement  Cyber liability market data collection – began Q1 2016  Identity theft insurance  Cybersecurity insurance

5 INSURANCE DATA SECURITY MODEL LAW Consistent meanings for “Data Breach”, “Personal information”, etc. Proposed Common Definitions Requirements, Board of directors role, 3 rd party service providers Information Security Program Pre-breach, post-breach, investigations, notifications Consumer Rights Commissioner’s power, hearings, witnesses, examination authority Regulator’s Role

Download ppt "JOHN M. HUFF NAIC PRESIDENT DIRECTOR, MISSOURI DEPARTMENT OF INSURANCE JUNE 16, 2016 NAIC CYBERSECURITY INITIATIVES."

Similar presentations

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
National implementation of REMIT Henrik Nygaard, Wholesale and transmission (DERA)

National implementation of REMIT Henrik Nygaard, Wholesale and transmission (DERA)
Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.

Identity Theft “Red Flags” Rules Under the FACT Act Reid Fudge CISSP, CISA Pulte Mortgage, LLC November 2008.
Security, Privacy, and the Protection of Personally Identifiable Information Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.

Security, Privacy, and the Protection of Personally Identifiable Information Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.
NAIC Oversight of Corporate Governance Commissioner Susan Donegan Vermont Department of Financial Regulation.

NAIC Oversight of Corporate Governance Commissioner Susan Donegan Vermont Department of Financial Regulation.
INTERNATIONAL BEST PRACTICES IN ON-SITE INSPECTIONS OF INSURERS Thomas E Power Senior Manager, Emerging Market Practice Bearing Point.

INTERNATIONAL BEST PRACTICES IN ON-SITE INSPECTIONS OF INSURERS Thomas E Power Senior Manager, Emerging Market Practice Bearing Point.
Recent Trends and Insurance Considerations March 2015

Recent Trends and Insurance Considerations March 2015
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.

Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.
Guidance for Managing Third-Party Risk Chicago Region Regulatory Conference Call December 8, 2010.

Guidance for Managing Third-Party Risk Chicago Region Regulatory Conference Call December 8, 2010.
Corporate Governance and Risk Management Current Practices and Ongoing Developments in the U.S. Commissioner Jim Donelon Louisiana Department of Insurance.

Corporate Governance and Risk Management Current Practices and Ongoing Developments in the U.S. Commissioner Jim Donelon Louisiana Department of Insurance.
Vendor Risk: Effective Management is Essential

Vendor Risk: Effective Management is Essential
Child Protection Policies Training Prepared by: SUNY Office of General Counsel SUNY Compliance Office 2015.

Child Protection Policies Training Prepared by: SUNY Office of General Counsel SUNY Compliance Office 2015.
In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.

In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.
2015 ANNUAL TRAINING By: Denise Goff

2015 ANNUAL TRAINING By: Denise Goff
BITS Proprietary and Confidential © BITS 2003. Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

Similar presentations

Ads by Google