Skip to main content

  • AddRemove
  • Build a Report 
Legal Update

National Association of Insurance Commissioners Issues Cybersecurity Roadmap

30 December 2015
Mayer Brown Legal Update

The National Association of Insurance Commissioners’ (NAIC) Executive Committee and Plenary has approved the NAIC Roadmap for Cybersecurity Consumer Protections (the “Roadmap”), formerly the Cybersecurity Bill of Rights. The Roadmap “describes the protections the NAIC believes consumers are entitled to from insurance companies, agents and other businesses when they collect, maintain and use” personal information. It provides, among other rights, that insurance consumers have the right to:

  • Expect each insurance company and agency to have a privacy policy posted on its website;
  • Expect insurance companies, agents and any businesses they contract with to take reasonable steps to keep unauthorized persons from seeing, stealing or using their personal information;
  • Receive a notice if an unauthorized person has (or it seems likely they have) seen, stolen or used their personal information; and
  • Get at least one year of identity theft protection paid for by the company or agent involved in a data breach.

The Roadmap did not pass without objections. Some interested parties expressed concern that state legislatures will be reluctant to enact a sector-specific law, and others emphasized the need for a more deliberative policy development process. The Independent Insurance Agents & Brokers of America expressed concern that insurance agents would be required by law to provide affected consumers with one year of identity theft protection following a data breach. The organization argued that identify theft protection is of low value to a consumer when his/her personal information has been stolen and that consumers can obtain such protection on their own, often at no cost to them.

Currently, the Roadmap is not binding on states, but supporters hope that it will ultimately lead to a single model law during 2016. They appreciate the NAIC’s effort to adopt a single model law rather than attempt to shape multiple regulations. As 2016 begins, insurance companies and agents should remain alert to developments in this area of consumer protection.


  • Rajesh De
    T +1 202 263 3366
  • James R. Woods
    T +1 212 506 2390
  • Lawrence R. Hamilton
    T +1 312 701 7055
  • Marcus A. Christian
    T +1 202 263 3731

The Build a Report feature requires the use of cookies to function properly.  Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently.  If you do not accept cookies, this function will not work.  For more information please see our Privacy Policy

You have no pages selected. Please select pages to email then resubmit.