Tag Archives: National Association of Insurance Commissioners

States Legislate Cybersecurity Requirements for Insurance Companies

Following in the footsteps of the New York Department of Financial Regulation (NYDFS) in enacting cybersecurity requirements for the financial services industry, and in response to massive data breaches in the insurance industry, a wave of states have either enacted or are pursuing legislation aimed at regulating the cybersecurity measures of insurance companies. In 2017, … Continue Reading

NAIC Released Draft of Revised Insurance Data Security Model Law for Review

The National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive standards… for data security and investigation and notification of a data breach” for “any person or entity licensed, authorized to operate, or … Continue Reading

NAIC cybersecurity task force adopts Cybersecurity Bill of Rights for insurance consumers

On October 14, the National Association of Insurance Commissioners (NAIC) Cybersecurity (EX) Task Force released an updated draft of its Cybersecurity Bill of Rights. The bill, which updates a prior draft published for comment in July 2015, details certain rights of insurance consumers in connection with protection of personal information and responses to data breaches … Continue Reading

NAIC Provides Insurers and Regulators with Guidance on Data Security

Cybersecurity risks have become more significant as critical consumer financial and health information is increasingly stored in electronic form. On April 16, 2015, the National Association of Insurance Commissioners (NAIC) adopted guidance concerning the protection of sensitive consumer information held by insurers and insurance producers.  The document also is intended to aid insurance regulators in … Continue Reading

Regulators Examining Cybersecurity Policies and Practices for the Insurance Industry

Shortly after the discovery of a cybersecurity breach at the health insurance company Anthem, Inc., the National Association of Insurance Commissioners (NAIC) called for a multi-state examination of Anthem’s cybersecurity practices to determine what protections were in place and what actions could have been taken to minimize data losses.  The examination is currently underway and … Continue Reading
LexBlog