NAIC Insurance Data Security Model Law Update: Vermont Becomes 22nd State

Locke Lord LLP

Vermont Governor Scott signed the Vermont Insurance Data Security Law (available here) (the “VIDSL”), becoming the 22nd state to adopt a cybersecurity statute based on the National Association of Insurance Commissioners Insurance Data Security Model Law (NAIC Model 668). Importantly for many licensees, the new Vermont statute, which will be effective January 1, 2023 (with some delayed compliance dates) codifies a drafters’ note of NAIC Model 668 (which has not been adopted in all state implementations) stating that compliance with the Cybersecurity Regulation of the New York Department of Financial Service, with a written certification of such compliance, is deemed to satisfy the requirements of the VIDSL.

There are some differences between the VIDSL and NAIC Model 668, the most important of which is the lack of a Vermont requirement to report certain cybersecurity events to the commissioner. Instead, the VIDSL specifically provides that it “shall not be construed to change any aspect of the Security Breach Notice Act, 9 V.S.A. § 2435,” which requires entities regulated by the Department of Financial Regulation to provide notice of certain cybersecurity events to the Department, but without the 72 hour deadline of NAIC Model 668.

For those keeping track, NAIC Model 668 has been adopted in the following 22 states as of June 21, 2022: AL, AK, CT, DE, HI, IN, IA, KY, LA, ME, MD, MI, MN, MS, NH, ND, OH, SC, TN, VT, VA, and WI.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Locke Lord LLP | Attorney Advertising

Written by:

Locke Lord LLP

Locke Lord LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide