Louisiana Passes NAIC Model Data Security Bill

June 4, 2020

Louisiana became the latest state to pass legislation based off the model data security bill developed by the National Association of Insurance Commissioners (NAIC).

HB 614 creates rules for licensed entities covering information security, investigation, notification of breach and confidentiality. This includes maintaining an information security program based on ongoing risk assessment, overseeing third-party service providers, investigating data breaches and notifying regulators of a cybersecurity event.

The bill includes several exemptions. A licensee is exempt if it meets any of the following:

  • Has fewer than 25 employees
  • Has less than $5 million in gross annual revenue
  • Has less than $10 million in year-end total asset
  • Is an employee, agent, representative or designee of a licensee, who also is a licensee, to the extent that the employee, agent, representative or designee is covered by the information security program of the other licensee
  • Meets the requirements of the Gramm-Leach-Bliley Act

Development of the information security program must be consider a company’s size and complexity, nature and scope of the licensee's activities including its use of third-party service providers, and sensitivity of the nonpublic information used by the licensee or in the licensee's possession, custody or control.

The legislation gives the insurance commissioner the ability to investigate any licensee to determine whether there was a violation. The commissioner also is given authority to “take any action that is necessary or appropriate to enforce” the law.

The bill was sent to the governor June 3 for his signature. Effective date of the legislation is tiered starting Aug. 1, 2020.

In 2018, South Carolina became the first state to pass a measure based on the NAIC model bill. Other states that have passed the model bill are Alabama, Connecticut, Delaware, Michigan, Mississippi, New Hampshire and Ohio.

In February, ALTA released its data privacy principles. The principles recommend the development of a single, national standard to help protect consumer private information uniformly and consistently while maintaining an efficient homebuying and selling experience.

Contact ALTA at 202-296-3671 or communications@alta.org.