Two More States Adopt NAIC Model Data Security Law

Akin Gump Strauss Hauer & Feld LLP

Akin Gump Strauss Hauer & Feld LLP

[co-author: Rebecca Kocsis]

The National Association of Insurance Commissioner (NAIC)’s model data security law (“Model Law”) was recently adopted by Maine and North Dakota. This addition brings the total number to states that have joined the NAIC Model Law to 13. The Model Law, which we have covered previously here, was issued in 2017. Since its introduction, states have been strongly encouraged to adopt the law or similar security protections, if similar existing legislation is absent.

The Model Law requires insurance organizations to have a comprehensive, written security program that is appropriate to the insurer’s size and complexity, as well as a written incident response plan, employee training and oversight by the insurer’s board of directors, and oversight of third-party service providers through due diligence and security requirements. The Model Law further calls for insurers to quickly report and investigate data breaches and certify their compliance efforts annually with security provisions.

Maine’s adoption of the Model Law will not be effective until January 1, 2022. Further, in Maine, the third-party service provider arrangements requirements will not be effective until January 1, 2023. North Dakota’s adoption of the Model Law will take effect on August 1, 2022. For North Dakota, the requirements to report and document cybersecurity events and incident responses activities will not become effective until August 1, 2023.

As more states look to adopt the NAIC Model Law, insurers should evaluate their in-house security programs, and monitor developments in states that have yet to pass similar laws. 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Akin Gump Strauss Hauer & Feld LLP | Attorney Advertising

Written by:

Akin Gump Strauss Hauer & Feld LLP

Akin Gump Strauss Hauer & Feld LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.