NAIC Passes Insurance Data Security Model Law

October 24, 2017

The National Association of Insurance Commissioners adopted the Insurance Data Security Model Law during a joint meeting of the Executive (EX) Committee and Plenary.

The model law, adopted during National Cybersecurity Awareness Month, creates rules for insurers, agents and other licensed entities covering data security, investigation and notification of breach. This includes maintaining an information security program based on ongoing risk assessment, overseeing third-party service providers, investigating data breaches and notifying regulators of a cybersecurity event.

"Considering the recent series of data breaches, cybersecurity is more important now than ever," said Ted Nickel, NAIC President and Wisconsin Insurance Commissioner. "Regulators have a critical role to play in protecting consumers as the cyber landscape continues to evolve and this model law sets cybersecurity customs for insurers to help safeguard consumers."

The model law includes requirements for:

  • Implementation of an information security program
  • Objectives of information security program
  • Risk assessment
  • Risk management
  • Oversight by Board of Directors
  • Oversight of third-party service providers
  • Program adjustments
  • Incident response plan
  • Annual certification to commission of domiciliary state
  •  Investigation of a cybersecurity event
  • Notification of a cybersecurity event

According to the model act, a licensee with fewer than 10 employees, including any independent contractors, is exempt from implementing an information security program.

The model law progressed through the NAIC Innovation and Technology (EX) Task Force and the Cybersecurity (EX) Working Group during the NAIC's Summer 2017 National Meeting. The working group solicited input from regulators as well as industry and consumer representatives throughout the drafting process.


Contact ALTA at 202-296-3671 or communications@alta.org.

SoftPro, based in Raleigh, NC, offers a mature suite of products, designed specifically for the closing and title industry. Our mission is to serve our client base, with best-in-class products and services. Our products are modular so we don't force you to buy anything you don't need. You can always add on as your business grows. Unlike other software companies, we view the sale as the beginning of the relationship rather than the end. North American Title Insurance Company (NATIC) is a seasoned title insurance underwriter, helping title agents to achieve their individual business goals for more than 50 years. Today, the company conducts real estate settlement services in 39 states and the District of Columbia through a network of experienced, independent agents.