[BreachExchange] NAIC anticipates return of cyber insurance legislation

[Audrey McNeil]

http://www.businessinsurance.com/article/20161213/NEWS06/
912310951/NAIC-anticipates-cyber-Data-Breach-Insurance-Act

Legislation to encourage businesses to purchase data breach insurance is
likely to re-emerge after the new U.S. Congress convenes in January,
according to an official with the National Association of Insurance
Commissioners.

The Data Breach Insurance Act, H.R. 6032, introduced in the House of
Representatives in September by Rep. Ed Perlmutter, D-Colo., would amend
the Internal Revenue Code to allow a business tax credit for the purchase
of qualified data breach insurance, according to its legislative text.
Qualified data breach insurance, as defined in the bill, is coverage
provided by an insurer for expenses or losses in connection with the theft,
loss, disclosure, inaccessibility or manipulation of data.

The credit would apply for five years and be equal to 15% of the annual
premiums paid or incurred for the insurance in the ordinary course of the
taxpayer's trade or business.

Insurance does not qualify for the credit unless the taxpayer has adopted
and is in compliance with the Framework for Improving Critical
Infrastructure Cybersecurity published by the National Institute of
Standards and Technology or any similar standard specified by the Internal
Revenue Service, according to the bill.

“Congress has now adjourned, but we’ll likely see that reintroduced when
the new Congress convenes in January,” Brooke Stringer, Washington-based
government relations policy adviser, told attendees of the National
Association of Insurance Commissioners fall meeting in Miami on Monday.

Rep. Randy Neugebauer, R-Texas, the chairman of the Financial Institutions
and Consumer Credit Subcommittee who is retiring, and Rep. John Carney,
D-Del., a member of the Financial Services Committee, introduced the Data
Security Act of 2015 to protect consumers from identity theft and fraud.
The bill would establish a national data security and breach notification
standard for financial institutions and retailers to better protect
consumer financial data.

“I anticipate that someone will pick up that bill, another member on the
House Financial Services Committee,” Ms. Stringer said. “Of course, the
NAIC opposed that bill. I anticipate that we will see that legislation
again. As soon as the new Congress comes in, we’ll be up there sharing our
views on that.”

NAIC opposed the bill due to concerns that it would frustrate the existing
regulatory framework at the state level and prevent state regulators and
legislators from imposing additional requirements or prohibitions on the
responsibilities to protect or safeguard information on the front end or to
investigate and mitigate on the back end following a breach, according to
NAIC.

In addition, President Barack Obama has asked the nonpartisan Commission on
Enhancing National Cybersecurity, which was tasked to develop short- and
long-term recommendations to strengthen cyber security in the public and
private sectors, to brief President-elect Donald Trump at the earliest
possibility, Ms. Stringer said.

Mr. Trump has nominated retired Gen. John Kelly to lead the Department of
Homeland Security.

“It’s unclear what his specific views are on cyber security, but there are
a number of members of Congress that have really pushed for him to have a
strong team on cyber and to have that as a priority,” she said.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161215/a730dc74/attachment.html>