Cybersecurity & Data Breach

Several data breach and cybersecurity bills are pending in Congress but it is unlikely a bi-partisan agreement will be reached in the short term. In 2013, the White House issued a cybersecurity Executive Order which called for a voluntary sharing of data between business and government but did not give a full framework of how that sharing is to be conducted, who owns the process, and what protections would exist for companies that participate. The Trump Administration issued another Executive Order regarding cybersecurity in 2017, calling for strengthening the government’s cybersecurity efforts and to protect the critical infrastructure from cyber-attacks.

The financial services sector recognizes the need for consumer privacy in implementing security techniques. Insurers and others in the financial services industry have urged Congress to ensure that legislation provides the appropriate balance to protect privacy, while allowing financial institutions to evaluate information for cybersecurity threats.

Insurers are already subject to data protection requirements at the state level. At the federal level, the Gramm, Leach, Bliley Act and the Fair Credit Reporting Act imposed additional data protection requirements on insurers. Transamerica supports our industry’s position of reasonable data breach notification requirements. Insurers do not present a cyber-risk which requires imposition of a new federal regulations imposed by the Department of Homeland Security.