For this Regulatory Brief, AAIS spoke with Eric Lowe, Chief of Data Analytics and Cyber Initiatives at the Virginia Bureau of Insurance to discuss the new data, cyber, technology, and security initiatives taking place in Virginia for 2023.
New Strategy, Data, and Cyber Initiatives Department in Virginia
Strategy, Data, and Cyber Initiatives (SDC) is a new department that was created by Commissioner Scott White for the Virginia Bureau of Insurance. As the Bureau received more and more data from both the NAIC and the insurance companies they regulate, the need for this area became apparent to Lowe. “We have people who are subject matter experts throughout all of [our] divisions working on things like market analysis, special data calls, and blockchain initiatives. But we really didn't have a cohesive single area that this would work in,” he recounted. The intent of the unit, headed by Lowe, is to bring in talent and expertise in two particular pathways. “The first is the data analytics side and the second is IT examinations,” said Lowe. “Our goal is to build out policies and procedures and [understand] how we're going to implement and track these things.” The unit is also looking to act as a project management office for data and cyber initiatives. “What that means,” Lowe explained, “is that as other sections [of the Bureau] run into data that they don't necessarily have expertise in, the [SDC] department is going to help them. So, we're [acting] as support for the traditional functions of the Virginia Bureau of Insurance’s regulatory areas.”
Technology, Data Management, and Security Initiatives for 2023
One of the main initiatives for the SDC this year is handling data breach notifications. “We want to make sure that Virginians are notified of these breaches as it impacts them,” said Lowe. “And we want to know what's being done for the Virginians to make sure that if their identities are stolen, or things like that, they're protected. We're hoping to be out in front of these things; to be proactive and not reactive. We don't expect to have a department that ultimately has all the answers, but we certainly want to be as informed as we possibly can be.” Lowe mentioned that the SDC is also looking at developing checklists at the NAIC level for breach notifications. “[These checklists] will allow insurance companies and other licensees the advantage of knowing what questions we're going to be asking, the information that we're going to want, and our abilities to keep the information they provide to us confidential.”
The SDC is looking at initiatives that are going to enable the Bureau to connect disjointed data as well. “We're able to bump [the NAIC number] up against other data other than just the annual statement or financial data,” Lowe stated. “We want to give the user of this information the ability to actually pose questions and answer those questions with the tools that we build. Our goal is not to make new data – it is to take the data that we have and bring it together in a format that actually provides you some utility.”
To view the full interview with Eric Lowe, click on the video above.