Notice: The COVID-19 pandemic challenges all of us in our personal and professional lives. Please know that we are committed to supporting our members in these difficult times. We are fully operational in a work-from-home environment and here to help.
Cyber Security & Compliance  04/01/2019 NAPA RSS Icon

NAIC Insurance Data Security Model Law Compliance

By Chris Pfeffer

In October of 2017, the National Association of Insurance Commissioners (NAIC) adopted the Data Security Model Law (Model Law) that requires insurers and other entities licensed by state insurance departments to develop, implement, and maintain an information security program. The model law closely resembles the New York Department of Financial Services (NY DFS) cybersecurity regulation that was enacted on March 1, 2017. It requires the investigation of any cybersecurity events, and to notify the state insurance commissioners of such events.

Read more about the NAIC initiative here: https://www.naic.org/cipr_topics/topic_cyber_risk.htm

States are working to introduce and pass legislation now, and it appears that the U.S. Treasure Department will mandate the Model Law, if the States do not adopt it within five years.

The following States have adopted the law through legislative bills and there are several others that have started the process and are getting close to passing their own Model Law:

  • New York (Adopted)
  • South Carolina (Adopted)
  • Connecticut (Adopted)
  • Ohio (Adopted)
  • Michigan (House and Senate passed versions on 12/6/2018 and 12/19/2018, respectively, and sent it to its then-Governor on 12/27/2018)
  • Rhode Island (Has similar bill pending in the legislature)
  • California (Has passed similar regulations)

So, in summary, it’s not a matter of if, but when, insurers and individuals licensed by their respective states will have to implement processes and procedures to 1) have third party certification and 2) also maintain some level of cybersecurity liability coverage.

NAPA offers cybersecurity and compliance solutions to its members, including:

  • InfoSafe® Certification Program - This industry leading compliance management system makes it easy and affordable for agencies and independent professionals to implement and maintain virtually all federal, state and industry data security requirements. NAPA members save up to 33%!
  • Cyber Liability Insurance - Protect your business against the high financial costs associated with a data breach including, legal counsel, credit notification, monitoring services, regulatory fines, forensic investigators and more. Coverage starts at just $199/year.

  Customer Care Center

We're here to help! Contact the NAPA Customer Care Center via online chat or phone for first-class assistance.

   (800) 593-7657

Monday – Thursday: 8 am – 6 pm ET
Friday: 9 am – 5 pm ET

  Have Questions?

You can find answers to many of your questions in the NAPA Frequently Asked Questions.

   How Are We Doing?

We take your feedback seriously. Complete a customer satisfaction survey to help us better serve you.

Take a quick survey!

Admin Login