NAIC Insurance Data Security Model Law Adopted

An office with a computer monitor on white desk with chains around it and locks attached to the chains on the front and back

October 26, 2017 |

An office with a computer monitor on white desk with chains around it and locks attached to the chains on the front and back

On October 24, 2017, the National Association of Insurance Commissioners (NAIC) adopted the Insurance Data Security Model Law during a joint meeting of the Executive (EX) Committee and Plenary.

The model law creates rules for insurers, agents, and other licensed entities covering data security, investigation, and notification of breach. This includes maintaining an information security program based on ongoing risk assessment, overseeing third-party service providers, investigating data breaches, and notifying regulators of a cyber security event.

"Considering the recent series of data breaches, cyber security is more important now than ever," said Ted Nickel, NAIC president and Wisconsin insurance commissioner. "Regulators have a critical role to play in protecting consumers as the cyber landscape continues to evolve, and this model law sets cyber security customs for insurers to help safeguard consumers."

The model law progressed through the NAIC Innovation and Technology (EX) Task Force and the Cybersecurity (EX) Working Group during the NAIC 2017 Summer National Meeting. The working group solicited input from regulators as well as industry and consumer representatives throughout the drafting process.

"We've made significant progress on cyber security this year, and passing this model law creates a platform that enhances our mission of protecting consumers," said Raymond G. Farmer, NAIC secretary-treasurer, South Carolina insurance director, and chair of the Cybersecurity (EX) Working Group.

Please see the related articles for more information on the specifics of the law and additional Captive.com analysis.

October 26, 2017