INDIANAPOLIS (July 7, 2005)—Differences in the 19 security breach notification laws enacted so far this year should be of concern to insurers conducting business in multiple states, according to an analysis by the National Association of Mutual Insurance Companies (NAMIC).
The latest NAMIC Issue Brief “Security Breach Notification Laws: What Threats Do They Pose for Insurers?” concludes that Florida lawmakers enacted the most stringent notification law so far this year.
The Florida law makes businesses subject to specific timelines for reporting security breaches, regardless of whether the business owns the data or not. It also requires businesses to maintain documentation for up to five years of any incidents where a security breach is investigated, but it’s determined the breach will not likely harm individuals. Failure to keep such documentation can result in a fine up to $50,000.
The analysis also found:
The analysis is intended to help insurers to closely monitor similar bill introductions and to avoid certain provisions that would impose unreasonable requirements on them.
This Issue Brief is the latest in a series of briefs that NAMIC has published on topics of timely interest to the property/casualty industry. In May, NAMIC produced a brief entitled “Insurance Fraud: Most States Act to Curb the Abuses, But Adequate Statutory Remedies Still Lacking in a Few States.” It describes the formation and role of the Coalition Against Insurance Fraud, provides a synopsis of what states have done to curb fraud, and details some encouraging legislative developments. In June, a brief entitled “Evaluation of Costs and Benefits: The NAIC’s Proposed Internal Control Reporting Provisions” detailed the costs involved in Section 404 of the Sarbanes-Oxley Act of 2002 being applied to mutual insurers.
“Security Breach Notification Laws: What Threats Do They Pose for Insurers?” can be read at NAMIC Online.
All NAMIC Issue Briefs can be downloaded from NAMIC’s website, NAMIC Online.
Posted: Thursday, July 07, 2005 12:00:00 AM. Modified: Thursday, July 07, 2005 4:14:48 PM.
317.875.5250 - Indianapolis | 202.628.1558 - Washington, D.C.