In an effort to set new standards for data security, investigation, and notification of data security practices for insurance providers, the National Association of Insurance Commissioners (NAIC) has drafted the Insurance Data Security Model Law. Sharing similar measures as the New York State Department of Financial Services’ cybersecurity regulation, the model law requires covered companies to enact an information security program, conduct a risk assessment, and perform due diligence of third-party service providers. Unlike New York’s cybersecurity regulation, the NAIC model law identifies 13 specific categories of information to be reported to a state commissioner. In states that adopt the model law, insurers have one year to become compliant with all but the third-party-provider rules, which must be compliant within two years. The Insurance Data Security Model Law now moves on to state legislatures and insurance commissioners to act on the newly proposed statute.
Early indications suggest that insurers currently compliant with New York’s cybersecurity regulations may also be compliant with the NAIC model law. However, certain exemptions expressed in New York’s cybersecurity regulation differ from those of the Insurance Data Security Model Law. Accordingly, it is always best practice to reexamine all internal procedures and confirm compliance.
Please be reminded that all licensed resident and non-resident firms and individuals must file a Certification of Compliance demonstrating full compliance with New York’s cybersecurity regulation by the February 15, 2018 deadline. All additional cybersecurity-related reports, tests, and assessments required by New York’s Cybersecurity Regulations must be completed by March 1, 2018.
For any questions regarding the Insurance Data Security Model Law, or for assistance in compliance matters pertaining to the new law, please contact Westmont Associates, Inc.
Contact Westmont Associates, Inc.
Westmont Associates, Inc. tracks developments affecting the insurance industry, in addition to our other services. If you have any questions, please contact us.