Two more states adopt model law on data security for the insurance industry – Insurance
United States: Two more states adopt model data security law for the insurance industry
To print this article, simply register or connect to Mondaq.com.
Maine and North Dakota recently adopted data security from the National Association of Insurance Commissioners (NAIC) model law. They join at least 11 other states that have already adopted the model law. The Model Law applies to insurers, insurance agents and other entities licensed by the State Department of Insurance.
As we wrote in our overview of insurance certifications, among other requirements, the Model Law requires organizations subject to the law to have:
- A comprehensive written information security program tailored to the size and complexity of the business
- A written incident response plan
- Employee training
- Appropriate control by the board of directors of the company
Neither law will come into effect immediately. The Maine Model Law does not come into effect until January 1, 2022, with a section regarding compliance with agreements with third-party service providers effective January 1, 2023. North Dakota law comes into effect later on August 1, 2022, with a section regarding the obligation to document and report cybersecurity events and related incident response activities as of August 1, 2023.
The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought on your particular situation.
POPULAR ARTICLES ON: Insurance from the United States