On Oct. 24, 2017, the National Association of Insurance Commissioners (NAIC) approved the Insurance Data Security Model Law to address cybersecurity risks and set guidelines for licensees.
Our distribution channel needs to keep in mind that while this is a model law, states are already using it as their template for adoption. South Carolina was the first state to adopt the NAIC model law—almost in its entirety—and other states, such as New Jersey, are currently in the process of reviewing it.
While the law contains many details, some are particularly important for insurance agencies that handle personal information of clients and employees.
At the core of the model law is a focus on safeguarding consumers’ nonpublic information. Among the requirements placed on licensees in the event of a cybersecurity event is notification to the insurance commissioner no later than 72 hours after the discovery of an event.
The Agents Council for Technology also created the Agency Cyber Guide 1.0 to help agents understand individual regulations and the consequences of noncompliance, and to provide resources on all cyber regulations, including the New York Department of Financial Services cybersecurity regulation and Gramm-Leach-Bliley.
If you have additional questions about data security, contact ACT