National Association of Insurance Commissioners

Two more state governors, those of Maine and North Dakota, have signed bills into law that adopt the National Association of Insurance Commissioners (NAIC) data security model law (Model Law). Maine and North Dakota join several other states that have already passed similar laws. Hawaii, Idaho, Illinois, Iowa, Minnesota, Rhode Island, and Wisconsin have similar

Following in the footsteps of the New York Department of Financial Regulation (NYDFS) in enacting cybersecurity requirements for the financial services industry, and in response to massive data breaches in the insurance industry, a wave of states have either enacted or are pursuing legislation aimed at regulating the cybersecurity measures of insurance companies.

In 2017,

The National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive standards… for data security and investigation and notification of a data breach” for “any person or entity licensed, authorized to operate, or registered” pursuant to state insurance laws. The Model Law was first released in April of this year and received over 40 comments from trade associations, market participants and regulators. This week, at the NAIC National Summer Meeting, the Task Force met with interested parties to discuss comments on this new draft and written comments to the Model Law may be submitted by September 16, 2016.
Continue Reading NAIC Released Draft of Revised Insurance Data Security Model Law for Review

On October 14, the National Association of Insurance Commissioners (NAIC) Cybersecurity (EX) Task Force released an updated draft of its Cybersecurity Bill of Rights. The bill, which updates a prior draft published for comment in July 2015, details certain rights of insurance consumers in connection with protection of personal information and responses to data breaches

Cybersecurity risks have become more significant as critical consumer financial and health information is increasingly stored in electronic form. On April 16, 2015, the National Association of Insurance Commissioners (NAIC) adopted guidance concerning the protection of sensitive consumer information held by insurers and insurance producers.  The document also is intended to aid insurance regulators in

Shortly after the discovery of a cybersecurity breach at the health insurance company Anthem, Inc., the National Association of Insurance Commissioners (NAIC) called for a multi-state examination of Anthem’s cybersecurity practices to determine what protections were in place and what actions could have been taken to minimize data losses.  The examination is currently underway and