In this hectic year, insurers shouldn’t lose track of the National Association of Insurance Commissioners’ standards for data security. Which states have adopted the NAIC Model Law, and what approach has each state taken? Insurers should give careful consideration to the complex differences from state to state when it comes to data protection and reporting cybersecurity events.
As we reported in February 2020, the NAIC adopted the Model Law to “establish standards for data security and standards for the investigation and notification to the Commissioner of a Cybersecurity Event applicable to Licensees.” As of February, eight states (Alabama, Connecticut, Delaware, Michigan, Mississippi, New Hampshire, Ohio and South Carolina) had adopted the Model Law in some form. Since then, three additional states (Indiana, Louisiana and Virginia) have adopted versions of the Model Law, bringing the total number of adopting states to eleven.
Read the full article on the Faegre Drinker website.
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.