Insurance Data Security Model Law

    September 2016

    The NAIC’s Cybersecurity Task Force released a new draft model Insurance Data Security Law in August and is requesting comments by Friday, September 16, 2016. Given the scope of the draft model law and its likely application to all US insurance companies and other licensees, if adopted by the individual states, all insurance companies should be cognizant of this development.

    This alert outlines some of the more important features of the new draft, including the draft’s attempt to apply generic cybersecurity standards and integration with existing state data protection and notification laws. Notably, this draft retains the reporting requirement to the relevant insurance regulators.