The NAIC's Insurance Data Security Model Law has been well received at the federal level, with the Treasury Department strongly endorsing it and recommending that Congress consider adopting federal legislation. (Illustration: Stuart Briers for ALM Media)
In October 2017, the NAIC adopted an Insurance Data Security Model Law that builds on existing data privacy and consumer breach notification obligations. The Model Law requires every insurance licensee in a state (unless they qualify for an exemption) to maintain a written cybersecurity policy and implement a risk-based cybersecurity program. The Model Law also requires a licensee to satisfy specific requirements related to:
|- Risk assessment and management;
- Oversight of third-party service providers;
- Incident reporting, investigation and notification;
- Annual certification, and;
- Exceptions (if eligible).
In the United States, the business of insurance is regulated primarily at the state level. That means that the Model Law will not actually apply to a licensee unless and until it is enacted into law by a jurisdiction where that licensee is licensed.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
