NAIC Insurance Data Security Model Law Emerges
Josephine Cicchetti, co-chair of Carlton Fields Cybersecurity and Privacy Task Force, wrote the ABA TIPS Corporate Counsel Law article, “NAIC Insurance Data Security Model Law Emerges.” The National Association of Insurance Commissioners (NAIC) Executive Committee and Plenary approved the sixth iteration of the model law on October 24, 2017. It is now available for consideration and adoption by the states.
The model law, which applies to individuals and non-government entities licensed by a state’s insurance law, defines the purpose of creating data security standards, as well as standards related to notifying an insurance commissioner if there is a cybersecurity event. Other features of the model law include a comprehensive, written information security program, oversight of the board of directors and third-party service providers, annual certification, and confidentiality requirements. And, the model law tracks the State of New York’s Cybersecurity Regulation.