Skip to main content

Legal Update

NAIC Adopts Insurance Data Security Model Law

10 November 2017
Mayer Brown Legal Update
On October 24, 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law (Model Law) that builds on existing data privacy and consumer breach notification obligations by requiring insurance licensees to comply with detailed requirements regarding maintaining an information security program and responding to and giving notification of cybersecurity events. This Legal Update (i) describes the relevant definitions and scope of the Model Law, (ii) explains the Model Law’s substantive requirements and (iii) highlights some takeaways for the insurance industry. For simplicity, this discussion assumes that a state will adopt the Model Law substantially as written.


  • Rajesh De
    T +1 202 263 3366
  • Lawrence R. Hamilton
    T +1 312 701 7055
  • Stephen Lilley
    T +1 202 263 3865
  • Jeffrey P. Taft
    T +1 202 263 3293
  • Matthew Bisanz
    T +1 202 263 3434
  • Evan Sippel-Feldman
    T +1 650 331 2084
The Build a Report feature requires the use of cookies to function properly. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently. If you do not accept cookies, this function will not work. For more information please see our Privacy Policy

You have no pages selected. Please select pages to email then resubmit.