The NAIC Insurance Data Security Model Law has the potential to affect the entire insurance industry – including third-party service providers with access to the data and systems of insureds and producers.
We recently joined members of the NAIC Cybersecurity Task Force on an ACC Webcast to discuss the Model Law in detail and to review strategies for defensible compliance.
Missed the webcast?
Follow the link below to access the recording.
Superintendent of Banking and Insurance
Rhode Island Department of Business Regulation
National Association of Insurance Commissioners
Director of Strategic Partnerships
NAIC Insurance Data Security Model Law
Following the lead of NY's Department of Financial Services Cybersecurity Regulation, the National Association of Insurance Commissioners (NAIC) adopted its Insurance Data Security Model Law to establish insurance industry standards for data protection and security.
South Carolina and Ohio are the first states to adopt the NAIC’s Data Security Model Law. The model law will have nationwide consequences as other states rush to follow suit in 2019. As of January 1, 2019, insurance companies in South Carolina must be compliant with the Model Law.
We can help.
DATA INVENTORY. Licensees must identify where Nonpublic Information exists (all locations, media types, applications and third-parties) to ensure adequate protection, access, retention and deletion.
DATA MINIMIZATION. Licensees must define and periodically evaluate the schedule for retention of Nonpublic Information and mechanism for its destruction when no longer needed.
VENDOR RISK PROFILING. Licensees must have oversight of third-party service provider arrangements, exercise due diligence and require providers to take steps to protect Nonpublic Information
Key Things to Know:
72-Hour Data Breach Notification Requirement
Board Oversight & Written Attestation
Annual Submission to Insurance Commissioner
Document Proof of Compliance