Catching up on the NAIC Data Security Model Law, Part 2

In this hectic year, insurers shouldn’t lose track of the National Association of Insurance Commissioners’ standards for data security. Which states have adopted the NAIC Model Law, and what approach has each state taken? Insurers should give careful consideration to the complex differences from state to state when it comes to data protection and reporting cybersecurity events.

As we reported in February 2020, the NAIC adopted the Model Law to “establish standards for data security and standards for the investigation and notification to the Commissioner of a Cybersecurity Event applicable to Licensees.” As of February, eight states (Alabama, Connecticut, Delaware, Michigan, Mississippi, New Hampshire, Ohio and South Carolina) had adopted the Model Law in some form. Since then, three additional states (Indiana, Louisiana and Virginia) have adopted versions of the Model Law, bringing the total number of adopting states to eleven.

Read the full article on the Faegre Drinker website.

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.

About the Author: Jeremiah Posedel

Jeremiah Posedel advises multinational and domestic companies in two distinct but overlapping domains — information privacy and security and information technology transactions. View Jeremiah's full bio on the Faegre Drinker website.

About the Author: Jigar D. Gandhi

Jigar Gandhi advises clients on a range of compliance issues raised by United States federal and state privacy laws including the GLBA, CCPA, New York DFS Cybersecurity Regulation and the NAIC Data Security Model Law. Jigar also assists insurance clients in identifying pending legislative and regulatory challenges that may affect their business. Jigar represents life, health, property and casualty insurance companies in addition to insurance marketing organizations. Jigar was also appointed by D.C. Mayor Muriel Bowser to serve on the D.C. Financial Services Regulatory Sandbox and Innovation Council. View Jigar's full bio on the Faegre Drinker website.