October 20, 2017
The recent Equifax breach has rekindled the conversation about a federal standard for data breach notification, a position The Council supports. Recently introduced in the House of Representatives, The Secure and Protect Americans’ Data Act would establish a national cyber breach notification law and “standardize data security and protection for covered entities across the nation, regardless of industry,” according to a recent Reactions article.
Currently, 47 unique data breach notification laws exist at the state level. The Council believes a uniform data breach notification law would ease compliance burdens that businesses face in the wake of a breach affecting clients across state lines.
Although the law would not impact insurers and brokers directly, as the bill refers to entities under the Federal Trade Commission’s jurisdiction, this regulation could drastically lower legal fees for insurers writing cyber business.
Shiraz Saeed, national practice leader for cyber risk at Starr Companies, agreed that federal regulation could save insurers money. “Traditional logic would say that standardization would lead to lower costs, so a standard federal law relating to responsibilities corporations have relating to protecting private information or managing cyber risk could lead to lower costs relating to notifications and other incident response expenses your organization might incur.”