The NAIC is … Our cybersecurity compliance platform gives independent insurance agencies, public adjusters, BGAs and others the ability to comply with data security laws and regulations, new and old. protections are currently provided for under state law. The law, which establishes standards for data security and the investigation and notification of cybersecurity events in the insurance industry, will become effective once it 5 Things to Know About the NAIC’s New Cybersecurity Model Law This much we know. As with all NAIC model laws, the Insurance Data Security Law serves as a guideline for states and must be adopted by a state to be enacted into law. law], the purpose and intent of this Act is to establish the exclusive standards in this state for data security and investigation and notification of a breach applicable to licensees, as defined in … The NAIC website states that “Cybersecurity is perhaps the most important topic for the insurance sector today.” The “Insurance Data Security Law” is born They used New York’s Cybersecurity Regulation as a framework. The NAIC’s model law establishes a legal framework for requiring insurance organizations to operate complete cybersecurity programs, including everything from planned cybersecurity testing and board-level involvement in the information security program to incident response plans and specific breach notification procedures. The intent of the model law is to establish standards for data security, the investigation of cybersecurity events … First, Connecticut’s law demonstrates that states have not uniformly adopted the NAIC model over the NYDFS model. Cybersecurity has risen to be among the top finance and insurance industry concerns. On May 3, 2018, Governor Henry McMaster signed into law the South Carolina Insurance Data Security Act (the "Act").
(2) Address cybersecurity risks into the licensee’s enterprise risk management process; and (3) Use an Information Sharing and Analysis Organization (ISAO) to share information and stay It was developed in rather rapid fashion by the NAIC’s cybersecurity working group between 2016 and 2017. The Act became effective on January 1, 2019. The National Association of Insurance Commissioners (NAIC), the standard-setting body for U.S.-based insurers, introduced a new cybersecurity standard in October of 2017. In October 2017, the National Association of Insurance Commissioners (NAIC) adopted its Insurance Data Security Model Law (the NAIC Model) to establish standards for data security and the investigation and notification of certain cybersecurity-related events. Data Security Model Law (the “Model Law”). If you have questions about data security, a notice you receive about a data breach or other issues concerning your personal information in an insurance transaction, you should The states largely are using a 2017 model law by the National Association of Insurance Commissioners, which draws from the New York Department of Financial Services’ cybersecurity regulation for the financial services industry. April 4, 2019. NAIC adopts model law on cybersecurity: Will states adopt it? The model law has been a project of significance for the NAIC for some time, frequently cited as a priority and necessity by leaders of the regulator organization. The law is effective October 1, 2019, but gives licensees until October 1, 2020 to implement their security programs.
The Model Law was formally approved in October 2017; it has recently been enacted in one state (South Carolina), and other jurisdictions have passage within their sights (Rhode Island, Vermont, Louisiana, and the District of Columbia). Cyber Liability NAIC Cybersecurity Model Law Analysis This article discusses the NAIC Insurance Data Security Model Law. South Carolina was the first state in the nation to pass this important and timely legislation which was modeled after the NAIC Insurance Data Security Model Law. While the Connecticut law does not break new substantive ground, it is significant for two reasons. The number and... Regulators bear fruit. On Oct. 24, the National Association of Insurance Commissioners (NAIC) formally approved the Insurance Data Security Model Law (model law). Beginning in 2018, individual states will be adopting and implementing new cybersecurity risk management and notification requirements for insurance entities. The Cybersecurity Working Group and the Innovation and Technology Task Force of the National Association of Insurance Commissioners (NAIC), at the NAIC Summer 2017 National Meeting in Philadelphia, approved the Insurance Data Security Model Law. New Hampshire is one of several states, including Alabama, Connecticut, Delaware, Michigan, Mississippi, Ohio, and South Carolina, that have passed an insurance data security law following NAIC’s model. The model law’s purpose is to establish standards for data security and for the investigation of and notification to the Commissioner of a cybersecurity event. The National Association of Insurance Commissioners (NAIC), a regulating body, has recognized the cybersecurity risks to their industry and has started taking action.
The “Insurance Data Security Law” contains regulations on risk assessment, risk management, cybersecurity, and an incident response plan. This document functions as a Consumer Bill of Rights and will be incorporated into NAIC model laws and regulations. South Carolina Adopts NAIC Cybersecurity Model Law (Michael A. Molony, T. Douglas Concannon, Leslie M. Whitten; YCR Law) On May 9, 2018, South Carolina Governor Henry McMaster signed into law the South Carolina Insurance Data Security Act (“IDSA”). The Model Law outlines standards and best practices that insurance companies should include in their information security programs. Commentary NAIC Adopts Model Law on Cybersecurity: Will States Adopt It? Companies compliant with the NYDFS cybersecurity regulation are considered in compliance with the NAIC Insurance Data Security Model Law. On 08.08.17, the NAIC Cybersecurity (EX) Working Group followed with the adoption of its Insurance Data Security Model Law. In October 2017, the National Association of Insurance Commissioners (NAIC) established an Insurance Data Security Model Law and released it to states for legislative consideration. The NAIC Model Law, unlike the NYDFS regulations, provides specific notification requirements to ceding insurers (as a result of a reinsurer's cybersecurity event) and producers of record. On October 24, 2017, following an 18-month deliberative process, the U.S. National Association of Insurance Commissioners (NAIC) voted to approve the Insurance Data Security Model Law (Cyber Model Law). The National Association of Insurance Commissioners (“NAIC”), which had separately been preparing a model cybersecurity law, adopted a model law that closely resembled the DFS Regulation. This “Model Law,” formally known as the Insurance Data Security Model Law, sets certain security expectations and operations guidelines for insurance companies.
Against a backdrop where cybersecurity is becoming a top-level priority for insurance companies entering 2018, the National Association of Insurance Commissioners adopted a model law that lays out a defined set of terms and requirements for the insurance industry on Oct. 24. The NAIC is aiming for complete passage in all fifty states within By FC&S Editors | April … 5 things to know about the NAIC's new cybersecurity model law This much we know. The National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law will soon affect all insurance carriers throughout the U.S. Now that states have begun the adoption process, or have already adopted the law, it is vital for insurance organizations to be prepared for their state’s next cybersecurity examination. In most instances, the states’ new requirements will be based on the Insurance Data Security Model Law, as finalized by the National Association of Insurance Commissioners at the end of 2017. As discussed in a previous newsletter analyzing the current cybersecurity landscape, the National Association of Insurance Commissioners (NAIC) established its own standards, known as the NAIC Insurance Data Security Model Law. This model law, which establishes data security and data breach investigation and resolution standards across the insurance industry, … The National Association of Insurance Commissioners (NAIC) has made cybersecurity and data protection a top priority. From GLBA to New York’s 23 NYCRR 500 to the NAIC Data Security Model Law… In early 2016, the NAIC began drafting the Insurance Data Security Model Law with input from state insurance regulators and the insurance industry and formally adopted the model in October 2017. Learn why legislation like NYDFS and NAIC’s Model Law will have a significant impact on state-level cybersecurity regulations over the next five years. The NAIC is a U.S. standard-setting and regulatory support organization composed of state-level insurance regulators, and the Model Law is non-mandatory, model legislation that states must voluntarily adopt in order for it to be enforceable.