Members of the NAIC Cybersecurity Taskforce expect states to quickly adopt the NAIC Insurance Data Security Model Law. The Model Law creates a legal framework for all states for requiring insurance companies to take specific steps to protect Nonpublic Information.
South Carolina and Ohio were the first two states to adopt the NAIC Model Law, and Michigan followed close behind, passing a law at the end of 2018 that closely follows the Model Law.
The Model Law follows the NYDFS Cybersecurity Regulation closely and will impact the entire insurance industry—including third-party service providers with access to the data and systems of insureds and producers. Insurance companies have an obligation to understand the data protection practices of their third party service providers that are applicable under the Model Law requirements.
Which of your Third-Party Service Providers are applicable?
Insurance companies have a tangled web of third-parties and vendors and seldom really understand which of them access Nonpublic Information. Addressing this regulatory gap sits squarely with legal and compliance. Legal’s role is to identify all third-parties that are applicable to the Model Law.
The ACC Vendor Risk Service is a turn-key service that enables insurance companies to effectively comply with third-party diligence requirements under the Model Law.
In 30 days, we risk profile all your third-parties so you’ll know which of your third-parties pose retention risks. The service is economical and the process is extremely efficient – saving you valuable time and resources. Schedule Your Demo Now.