NAIC anticipates return of cyber insurance legislationReprints
MIAMI — Legislation to encourage businesses to purchase data breach insurance is likely to re-emerge after the new U.S. Congress convenes in January, according to an official with the National Association of Insurance Commissioners.
The Data Breach Insurance Act, H.R. 6032, introduced in the House of Representatives in September by Rep. Ed Perlmutter, D-Colo., would amend the Internal Revenue Code to allow a business tax credit for the purchase of qualified data breach insurance, according to its legislative text. Qualified data breach insurance, as defined in the bill, is coverage provided by an insurer for expenses or losses in connection with the theft, loss, disclosure, inaccessibility or manipulation of data.
The credit would apply for five years and be equal to 15% of the annual premiums paid or incurred for the insurance in the ordinary course of the taxpayer's trade or business.
Insurance does not qualify for the credit unless the taxpayer has adopted and is in compliance with the Framework for Improving Critical Infrastructure Cybersecurity published by the National Institute of Standards and Technology or any similar standard specified by the Internal Revenue Service, according to the bill.
“Congress has now adjourned, but we’ll likely see that reintroduced when the new Congress convenes in January,” Brooke Stringer, Washington-based government relations policy adviser, told attendees of the National Association of Insurance Commissioners fall meeting in Miami on Sunday.
Rep. Randy Neugebauer, R-Texas, the chairman of the Financial Institutions and Consumer Credit Subcommittee who is retiring, and Rep. John Carney, D-Del., a member of the Financial Services Committee, introduced the Data Security Act of 2015 to protect consumers from identity theft and fraud. The bill would establish a national data security and breach notification standard for financial institutions and retailers to better protect consumer financial data.
“I anticipate that someone will pick up that bill, another member on the House Financial Services Committee,” Ms. Stringer said. “Of course, the NAIC opposed that bill. I anticipate that we will see that legislation again. As soon as the new Congress comes in, we’ll be up there sharing our views on that.”
NAIC opposed the bill due to concerns that it would frustrate the existing regulatory framework at the state level and prevent state regulators and legislators from imposing additional requirements or prohibitions on the responsibilities to protect or safeguard information on the front end or to investigate and mitigate on the back end following a breach, according to NAIC.
In addition, President Barack Obama has asked the nonpartisan Commission on Enhancing National Cybersecurity, which was tasked to develop short- and long-term recommendations to strengthen cyber security in the public and private sectors, to brief President-elect Donald Trump at the earliest possibility, Ms. Stringer said.
Mr. Trump has nominated retired Gen. John Kelly to lead the Department of Homeland Security.
“It’s unclear what his specific views are on cyber security, but there are a number of members of Congress that have really pushed for him to have a strong team on cyber and to have that as a priority,” she said.