The National Association of Insurance Commissioners (“NAIC”), a standards-setting organization comprised of insurance regulators from across all U.S. jurisdictions, has recently adopted twelve Principles for Effective Cybersecurity Insurance Regulatory Guidance (the “Principles”). The Principles arrive in in the wake of the prominent Anthem data breach, highlighting the importance of protecting sensitive personal data in the insurance sector. Addressing this challenge, the NAIC established the Principles to provide state insurance regulators and industry participants guidance regarding the protection of sensitive personal, financial, and healthcare data. The Principles broadly lay out the practices, guidelines, and measures that both regulators and the industry should take to protect personal information.