In this hectic year, insurers shouldn’t lose track of the National Association of Insurance Commissioners’ standards for data security. Which states have adopted the NAIC Model Law, and what approach has each state taken? Insurers should give careful consideration to the complex differences from state to state when it comes to data protection and reporting cybersecurity events.
As we reported in February 2020, the NAIC adopted the Model Law to “establish standards for data security and standards for the investigation and notification to the Commissioner of a Cybersecurity Event applicable to Licensees.” As of February, eight states (Alabama, Connecticut, Delaware, Michigan, Mississippi, New Hampshire, Ohio and South Carolina) had adopted the Model Law in some form. Since then, three additional states (Indiana, Louisiana and Virginia) have adopted versions of the Model Law, bringing the total number of adopting states to eleven.
Read the full article on the Faegre Drinker website.