Cyber security Bill of Rights for Insurance Consumers:
As I discussed in the article Privacy issues vs. Insurance Cost savings more and more information will be used and collected to help insurers make decisions.
It can be in your interest to collect and share more information but the National Association of Insurance Commissioners (NAIC) doesn’t want this to come at your risk. As an insurance consumer, you are entitled to certain rights and protections from insurance companies, agents, and other businesses when they collect, maintain, and use your personal information.
These rights apply in the event your personal information is involved in a data breach. Not all of these consumer protections are currently provided for under state law.
The National Association of Insurance Commissioners’ developed an Insurance Consumer ‘s Cybersecurity Bill of Rights’, which can be seen below.
Consumer Cyber-security Bill of Rights by NAIC:
As an insurance consumer, you have the right to:
- Know the types of personal information collected and stored by your insurance company, agent or any business it contracts with (such as marketers and data warehouses).
- Expect your insurance company, agent or any business it contracts with to take reasonable steps to keep unauthorized persons from seeing, stealing or using your personal information.
- Get a notice from your insurance company, agent or any business it contracts with if an unauthorized person has (or it seems likely he or she has) seen, stolen or used your personal information. This is called a data breach. This notice should:
- Be sent in writing by first-class mail or by e-mail if you have agreed to that.
- Be sent soon after a data breach and never more than 60 days after a data breach is discovered.
- Describe the type of information involved in a data breach and the steps you can take to protect yourself from identity theft or fraud.
- Describe the action(s) the insurance company, agent or business it contracts with has taken to keep your personal information safe.
- Include contact information for the three nationwide credit bureaus.
- Include contact information for the company or agent involved in a data breach.
- Get at least one year of identity theft protection paid for by the company or agent involved in a data breach.
- If someone steals your identity, you have a right to:
- Put a 90-day initial fraud alert on your credit reports. (The first credit bureau you contact will alert the other two.)
- Put a seven-year extended fraud alert on your credit reports.
- Put a credit freeze on your credit report.
- Get a free copy of your credit report from each credit bureau.
- Get fraudulent information related to the data breach removed (or “blocked”) from your credit reports.
- Dispute fraudulent or wrong information on your credit reports.
- Stop creditors and debt collectors from reporting fraudulent accounts related to the data breach.
- Get copies of documents related to the identity theft.
- Stop a debt collector from contacting you.
This document functions as a Consumer Bill of Rights and will be incorporated into NAIC model laws and regulations. Please visit http://www.naic.org/ for more information.
If you have questions about data security, a notice you receive about a data breach, or other issues concerning your personal information in an insurance transaction, you should contact your state insurance department to determine your existing rights.
To learn more about the protections in your state or territory, contact your consumer protection office at https://www.usa.gov/state-consumer or your state or territory’s insurance department at www.naic.org/state_web_map.htm