The NAIC's Insurance Data Security Model Law has been well received at the federal level, with the Department of the Treasury strongly endorsing it and recommending that Congress consider adopting federal legislation. (Illustration: Stuart Briers for ALM Media) The NAIC's Insurance Data Security Model Law has been well received at the federal level, with the Treasury Department strongly endorsing it and recommending that Congress consider adopting federal legislation. (Illustration: Stuart Briers for ALM Media)

In October 2017, the NAIC adopted an Insurance Data Security Model Law that builds on existing data privacy and consumer breach notification obligations. The Model Law requires every insurance licensee in a state (unless they qualify for an exemption) to maintain a written cybersecurity policy and implement a risk-based cybersecurity program. The Model Law also requires a licensee to satisfy specific requirements related to:

  • Risk assessment and management;
  • Oversight of third-party service providers;
  • Incident reporting, investigation and notification;
  • Annual certification, and;
  • Exceptions (if eligible).

In the United States, the business of insurance is regulated primarily at the state level. That means that the Model Law will not actually apply to a licensee unless and until it is enacted into law by a jurisdiction where that licensee is licensed.

Continue Reading for Free

Register and gain access to:

  • Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.