NAIC Insurance Data Security Model Law Compliance
By Chris Pfeffer
In October of 2017, the National Association of Insurance Commissioners (NAIC) adopted the Data Security Model Law (Model Law) that requires insurers and other entities licensed by state insurance departments to develop, implement, and maintain an information security program. The model law closely resembles the New York Department of Financial Services (NY DFS) cybersecurity regulation that was enacted on March 1, 2017. It requires the investigation of any cybersecurity events, and to notify the state insurance commissioners of such events.
Read more about the NAIC initiative here: https://www.naic.org/cipr_topics/topic_cyber_risk.htm
States are working to introduce and pass legislation now, and it appears that the U.S. Treasure Department will mandate the Model Law, if the States do not adopt it within five years.
The following States have adopted the law through legislative bills and there are several others that have started the process and are getting close to passing their own Model Law:
- New York (Adopted)
- South Carolina (Adopted)
- Connecticut (Adopted)
- Ohio (Adopted)
- Michigan (House and Senate passed versions on 12/6/2018 and 12/19/2018, respectively, and sent it to its then-Governor on 12/27/2018)
- Rhode Island (Has similar bill pending in the legislature)
- California (Has passed similar regulations)
So, in summary, it’s not a matter of if, but when, insurers and individuals licensed by their respective states will have to implement processes and procedures to 1) have third party certification and 2) also maintain some level of cybersecurity liability coverage.
NAPA offers cybersecurity and compliance solutions to its members, including:
- InfoSafe® Certification Program - This industry leading compliance management system makes it easy and affordable for agencies and independent professionals to implement and maintain virtually all federal, state and industry data security requirements. NAPA members save up to 33%!
- Cyber Liability Insurance - Protect your business against the high financial costs associated with a data breach including, legal counsel, credit notification, monitoring services, regulatory fines, forensic investigators and more. Coverage starts at just $199/year.