Many insurers rely on outside vendors, including third-party administrators—better known as TPAs—to help them run their business operations. A major concern for insurers is managing the data security aspect of the TPA relationship. PC360 recently interviewed Jonathan J. Kelly, a corporate law partner in Sidley Austin's New York Insurance group, to talk about insurers, TPAs and cyber security precautions.
PC360: As insurers pay closer attention to their cyber security policies and procedures given the recent rise in risk, what precautions should they have in place to help ensure that they're protected via their third-party administrator (TPA) relationships?
Kelly: Insurers need to be thoughtful in designing policies and procedures (P&Ps) addressing TPA arrangements. Of course, 
the P&Ps should first and foremost be designed to protect the insurer's policyholder data, which is inherently part of the TPA arrangement, particularly in the life and health context. At the same time, given the highly regulated environment and an ever-increasing emphasis by insurance regulators on cyber security issues, the P&Ps should contemplate the need to respond to regulatory inquiries and address current and future regulatory requirements. To that end, the P&Ps should address standards that must be followed by the TPAs with respect to the insurer's data, as well as required contract provisions (including enforcement rights) to document the TPA arrangement.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- All PropertyCasualty360.com news coverage, best practices, and in-depth analysis.
- Educational webcasts, resources from industry leaders, and informative newsletters.
- Other award-winning websites including BenefitsPRO.com and ThinkAdvisor.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
