You are here:HomeIssuesCybersecurity2017NAIC Advances Cybersecurity Model Law

NAIC Advances Cybersecurity Model Law

At its summer National Meeting in Philadelphia, the National Association of Insurance Commissioners passed its Insurance Data Security Model Law through both the Cybersecurity Working Group and the Innovation and Technology Task Force...
August 15, 2017

Cyber

At its summer National Meeting in Philadelphia, the National Association of Insurance Commissioners (NAIC) passed its Insurance Data Security Model Law through both the Cybersecurity Working Group and the Innovation and Technology Task Force. The Model has been through six drafts over 18 months and still faces a vote by the NAIC’s Executive/Plenary Committee during the NAIC Fall 2017 National Meeting before it can be considered by the states.

The model law creates data security standards for insurers including overseeing third-party service providers, investigating a data breaches and providing requirements for notifying consumers and regulators.

What It Means for Agents: At least for now, the model is not ready for states to consider as part of their legislative agendas, and, because we’re already so far into the 2017 state legislative year, we likely won’t see a state consider adoption of the model until the 2018 legislative year.

Importantly, even within a state, commissioners and legislators are not necessarily in agreement about the model. The commissioner for Kentucky, for instance, voted in favor of the model, but one of Kentucky’s legislators has publicly expressed skepticism about the need for it. So regulatory support for the model at NAIC has not necessarily translated into legislative support for it in individual states, even in states whose commissioners support the NAIC model.

Filed under: