The NAIC’s Insurance Data Security Model Law provides the standard definition of non-public information:
Business related information of a Licensee the tampering with which, or unauthorized disclosure, access or use of which, would cause a material adverse impact to the business, operations or security of the Licensee;
Translation – Information about an individual or business entity that if lost or corrupted or if shared without their consent would result in serious financial or reputational harm, threatening their ability to do business or jeopardizing their internal security.
Any information concerning a Consumer which because of name, number, personal mark, or other identifier can be used to identify such Consumer, in combination with any one or more of the following data elements:
• Social Security number,
• Driver’s license number or non-driver identification card number,
• Account number, credit or debit card number,
• Any security code, access code or password that would permit access to a Consumer’s financial account, or
• Biometric records;
Translation – Two or more pieces of a consumer’s information that can be used together to identify that individual or business entity, including the listed items
Any information or data, except age or gender, in any form or medium created by or derived from a health care provider or a Consumer and that relates to:
• The past, present or future physical, mental or behavioral health or condition of any Consumer or a member of the Consumer’s family,
• The provision of health care to any Consumer, or
• Payment for the provision of health care to any Consumer.
Translation - Any information about a patient, other than their age and gender, concerning their health status and/or medical care, including information about how medical bills are paid
Cybersecurity is important, and everyone from the boardroom to the breakroom plays a role in protecting your valuable data. That requires a shared vocabulary! Join us every other Tuesday for a CYBERMinute. We define a key concept, explain why it’s important to your Information Security Program, and share best practices for implementation.
For more information, check out our Cybersecurity page at https://www.ilsainc.com/services/cybersecurity/.
And follow ILSA on your favorite Social Media apps: