Bill Description: House Bill 117 would create new regulations for insurers related to data security.
Rating: -1
Does it give government any new, additional, or expanded power to prohibit, restrict, or regulate activities in the free market? Conversely, does it eliminate or reduce government intervention in the market?
House Bill 117 would create Chapter 67, Title 41, Idaho Code, titled the "Insurance Data Security Act." This chapter would impose a host of new regulations on insurers related to data security. Each licensee would be required to "develop, implement, and maintain a comprehensive written information security program based on the licensee's risk assessment that contains administrative, technical, and physical safeguards for the protection of nonpublic information and the licensee's information system."
The act would also require licensees to "conduct a prompt investigation" of any "cybersecurity event" and notify the director of the Idaho Department of Insurance as promptly "as reasonably practicable but not later than ten (10) business days after a determination that a cybersecurity event has occurred."
The act would give the director broad power to "examine and investigate the affairs of any licensee to determine whether the licensee has been or is engaged in any conduct in violation of the provisions of this chapter."
Data security and cybersecurity are important and necessary elements of doing business in the modern world, but the specifics and implementation strategies should be left to the free market. More government regulations will not make people safer or protect their data. In many cases, the opposite is true because compliance with government regulations creates a false sense of safety and sufficiency. A more competitive and less regulated market would lead to firms working to outclass each other in the protections they provide consumers.
(-1)
