The issue of insurance data security was at the forefront of the National Association of Insurance Commissioners (NAIC) Spring 2016 National Meeting.
The event also tackled concerns related to surplus lines, health care regulatory reforms, life insurance, producer licensing, and accreditation standards.
Prior to the meeting, the NAIC Executive Committee approved the Cybersecurity Task Force’s request to develop a new model law for insurance data security. The committee reasoned that the current Insurance Information and Privacy Protection Model Act and the Privacy of Consumer Financial and Health Information Regulation were in need of revisions, as they were no longer adequate enough to address modern cybersecurity concerns.
Following the approval, Cybersecurity Task Force chair and North Dakota insurance commissioner Adam Hamm laid out a timeline for drafting and adopting the model law. He hopes that once the model law is written, it would be included in NAIC’s package next year.
The Task Force then convened at the event and shared news of the model law’s development to industry representatives present. According to a
Law Review report, the model law raised several concerns from the representatives present:
- The draft model law might not be universally adopted by individual states, resulting in variations.
- The draft model law could render other state and federal laws regulating data security inapplicable to licenses subject to the model law.
- The Task Force must work more closely with industry stakeholders to better understand how the model law would affect the.
