Insurance. Data Security. Bill of Rights for Consumers.

To whom does the model insurance-cybersecurity law apply? To anyone who holds a license or registration from, or is authorized by, a state insurance agency.

There’s a revision to the model law. What’s changed?

  • No preemption by the model law
  • No private causes of action. Tort reformers rejoice.
  • No contractual requirements for 3rd party vendors, but 3rd party vendors must be capable of protecting information
  • Stronger notification requirements that trigger notification within 3 days of learning that personal information has been taken, removing a requirement that the information be tied to “substantial harm or inconvenience”
  • Penalties have been removed and left to state regulators

National Law Review | Insurance Regulators Fine Tuning Cybersecurity Guidance

 

 

 

Your informed intel from August 25, 2016:

What entity is proposing model data security laws for insurance? The Cybersecurity Task Force (Task Force) of the National Association of Insurance Commissioners (NAIC).

Is it final? No, it’s a revised draft after taking into account stakeholder positions.

What issues are covered in the model act draft?

  • Require licensees to create a “comprehensive written information security program”
  • Required Data Security programs will detail the:
    • administrative,
    • technical, &
    • physical safeguards for the protection of personal information
  • Require licensees to contract only with 3rd party service providers who are “capable of maintaining appropriate safeguards for personal information.”
  • Creates standards for investigations of a data breach, including:
    • When a data breach occurs
    • That the licensee must properly investigate the breach
    • Assessing the nature and scope of the breach
    • Identifying the personal information that may have been involved
    • Determining if the personal information had been acquired without authorization
    • Taking reasonable measures to restore the security of the systems compromised in the breach.

To comment: Email Sara Robben at srobben@naic.org by close of business on Friday, September 16, 2016.

Lexology | Mayer Brown | NAIC Issues Revised Insurance Data Security Model Law