RIMS Announces Formal Position on Newly Proposed Data Security and Breach Notification & Policyholder Protection Acts

May 26, 2015

(NEW YORK) May 26, 2015 – Through the work of its External Affairs Committee, RIMS, the risk management society™, announced its support for two new bills that would ultimately establish a streamlined process for notifying affected parties of a data breach, as well as measures to protect an organization’s insurance investments.

“The Data Security and Breach Notification Act and the Policyholder Protection Act both, in different ways, can be legislative backstops that allow risk professionals to achieve their objectives more efficiently and with greater confidence,” said RIMS President Rick Roberts. “Reducing redundancies in the cyber breach reporting process as opposed to having to report them state-by-state will allow risk professionals to assess the situation faster and implement more effective response plans.”

Roberts continued, “Risk financing is a staple of any risk management strategy and even the slightest chance that an organization’s insurance investments might be lost due to a federal bailout or other financial discrepancies is not good for business. RIMS is pleased to see legislators address these critical issues and looks forward to lending its support to help successfully steer these bills through the approval process.”

1.    DATA SECURITY AND BREACH NOTIFICATION ACT

Congress is considering legislation that would create a federal notification requirement following a cyber-breach. The Data Security and Breach Notification Act of 2015, sponsored by Sen. Nelson (S. 177) and Rep. Blackburn (HR 1770), would (a) pre-empt all state notification laws, (b) establish a timeframe for notification, (c) establish the content that notification would require, and (d) identify those individuals or third parties who must be notified.

RIMS Official Position of Support: There are currently 47 different state data breach notification laws in place. This has proven onerous for commercial insurance buyers whose organizations operate in multiple states and must comply with several different laws whenever a cyber-breach is experienced. This federal legislation would expressly pre-empt those state laws and create one unified standard and procedure for breach notification. This increased efficiency and simplicity for RIMS’ membership is the reason that the Society supports this proposal.

2.    POLICYHOLDER PROTECTION ACT

Congress is considering legislation designed to protect the capital of insurance companies that are part of larger financial institutions. This legislation, sponsored by Sen. Vitter (S. 798) and Rep. Posey (H.R. 1478), would prevent federal regulators from transferring the assets of state-regulated insurance companies and their subsidiaries to rescue or support a failed or failing non-insurance financial affiliated firm.

RIMS Official Position of Support: One of the largest concerns for RIMS’ membership following the 2008 economic collapse was insurer solvency, particularly for those insurers that were affiliated with organizations that were bailed out by the federal government. This legislation would ensure that the premiums paid to the insurer for future coverage will be retained by that insurer and not ultimately used to bail out a non-insurance affiliate in the event of another economic downturn.  

For more information about RIMS legislative priorities, visit www.rims.org/externalaffairs/PositionStatements.

For more information, contact:

Josh Salter, Director of Communications, (212) 655-6059 or JSalter@rims.org

About RIMS

As the preeminent organization dedicated to promoting the profession of risk management, RIMS, the risk management society®, is a global not-for-profit organization representing more than 3,500 industrial, service, nonprofit, charitable and government entities throughout the world. Founded in 1950, RIMS is committed to advancing risk management capabilities for organizational success, bringing networking, professional development and education opportunities to its membership of more than 10,000 risk management professionals who are located in more than 60 countries. For more information on RIMS, visit www.RIMS.org
