Coming Soon to Texas: NAIC Data Security Model Law

On Oct. 24, 2017, the National Association of Insurance Commissioners (NAIC) approved the Insurance Data Security Model Law to address cybersecurity risks and set guidelines for licensees.

Our distribution channel needs to keep in mind that while this is a model law, states are already using it as their template for adoption. South Carolina was the first state to adopt the NAIC model law—almost in its entirety—and other states, such as New Jersey, are currently in the process of reviewing it.

While the law contains many details, some are particularly important for insurance agencies that handle personal information of clients and employees.

At the core of the model law is a focus on safeguarding consumers’ nonpublic information.  Among the requirements placed on licensees in the event of a cybersecurity event is notification to the insurance commissioner no later than 72 hours after the discovery of an event.

For more information on the NAIC model law, check out a detailed article on, which breaks down the compliance regulations step by step.

The Agents Council for Technology also created the Agency Cyber Guide 1.0 to help agents understand individual regulations and the consequences of noncompliance, and to provide resources on all cyber regulations, including the New York Department of Financial Services cybersecurity regulation and Gramm-Leach-Bliley.  

If you have additional questions about data security, contact ACT​

This entry was posted in News and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s