On October 24, 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law (Model Law) that builds on existing data privacy and consumer breach notification obligations by requiring insurance licensees to comply with detailed requirements regarding maintaining an information security program and responding to and giving notification of cybersecurity events. This Legal Update (i) describes the relevant definitions and scope of the Model Law, (ii) explains the Model Law’s substantive requirements and (iii) highlights some takeaways for the insurance industry. For simplicity, this discussion assumes that a state will adopt the Model Law substantially as written.
Downloads –