From: JDSupra Business Advisor
John Pitblado,Robert Shapiro | Carlton Fields Jorden Burt
Spurred by the prescient reporting found in this space (and, just maybe, by the Anthem data breach, which occurred a week later), insurance regulators have recently engaged in a flurry of regulatory activity relating to cyber security issues.
- Very shortly after the Anthem breach was announced, the newly-formed Cybersecurity (EX) Task Force of the National Association of Insurance Commissioners (NAIC) called for a multi-state examination of Anthem’s cybersecurity practices and released a consumer alert.
- California’s department jumped into action as well. On a consumer alert page dedicated to the Anthem breach, it announced that California intends to be a lead state in the multi-state combined financial and market conduct examination. The financial and market conduct examinations will investigate all aspects of the data breach. A major component will include analyzing Anthem’s information technology systems to determine what protections were in place and what actions could have been taken to minimize data losses.
***
Making Encryption the Norm
A number of putative class actions based on the data breach have already been filed against Anthem. A recurring theme of the complaints in those actions is Anthem’s alleged failure to encrypt personal and private consumer data. As one commentator noted:
Leave a Reply