Cybersecurity News and Notes – July 25, 2016

In Case You Missed It: U.S. Major party platforms address cybersecurity.  The two major parties have released their 2016 election platforms, both of which include cybersecurity planks.  The Republican platform’s perspective of cybersecurity is an element of national security and international relations. The platform called for harsh responses to cyber-attacks against American businesses, institutions, and government, applauded the Cybersecurity Information Sharing Act of 2015, and pledged to “explore the possibility of a free market for Cyber-Insurance.” The Democratic platform is largely as a continuation of President Obama’s cybersecurity policies. It promises to “build on the Obama Administration’s Cybersecurity National Action Plan,” supporting, for example, the empowerment of a federal Chief Information Security Officer and Obama’s establishment of a 12 member Commission on Enhancing National Cybersecurity within the Commerce Department.

News of Note: HHS concerned about gaps in health data privacy regulation. On July 19, 2016, HHS released a report to Congress dealing with gaps in privacy regulation brought about by the emergence of entities that collect health information but are not governed by traditional sources of standards such as HIPAA, the FTC, or state law. HHS expressed concern that the collection of health information in various locations with differing security standards posed a cybersecurity risk, that individuals might not be aware of when their health data is protected by law and when it is not, and that unclear requirements could impede economic growth and beneficial product development.

Practice Tip: Consider whether you need cyber insurance. Cyber insurance is “designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage.” Most general liability policies do not cover the costs of risks such as data breaches and only one-third of U.S. companies currently have cyber coverage.  The Department of Homeland Security has played an active role in driving the conversation about cyber insurance.  From 2012 through 2014, DHS held a series of collaborative sessions with stakeholders on cyber insurance topics.  The report from the February 2014 session specifically deals with cyber insurance (and responses to cyber risk more generally) in the health care organizational context.  In 2015, a DHS-organized working group produced white papers on the development of a cyber-incident data repository for analysis by businesses and insurers.  Outside of the government, The National Association of Insurance Commissioners, in collaboration with the Center for Insurance Policy and Research, has a brief summary of cyber insurance issues with links to other resources. Businesses interested in purchasing cyber insurance should “shop around” and confer with counsel before buying, as products and premiums vary widely.

Leave a Reply

Your email address will not be published. Required fields are marked *