The National Association of Insurance Commissioners (NAIC) adopted the Insurance Data Security Model Law, which creates rules for insurers, agents, and other licensed entities covering data security, investigation, and breach notification.
The model law also requires the maintenance of an information security program based on ongoing risk assessment, overseeing third-party service providers, investigating data breaches, and notifying regulators of a cybersecurity event.
“Considering the recent series of data breaches, cybersecurity is more important now than ever,” Ted Nickel, NAIC president and Wisconsin Insurance Commissioner, said. “Regulators have a critical role to play in protecting consumers as the cyber landscape continues to evolve and this model law sets cybersecurity customs for insurers to help safeguard consumers.”
The model law progressed through the NAIC Innovation and Technology Task Force and the Cybersecurity Working Group during the NAIC’s Summer 2017 National Meeting. The working group solicited input from regulators as well as industry and consumer representatives throughout the drafting process.
“We’ve made significant progress on cybersecurity this year and passing this model law creates a platform that enhances our mission of protecting consumers,” Raymond Farmer, NAIC Secretary-Treasurer and South Carolina Insurance Director, said. Farmer served as chair of NAIC’s Cybersecurity Working Group.