Printable versionSend by emailPDF version
September 12, 2018

In October 2017, the National Association of Insurance Commissioners (NAIC) adopted the Insurance Data Security Model Bill, also known as the NAIC “Model Law.”

NAIC’s Model Law seeks to establish a guiding framework that provides actionable expectations to regulated entities so they can develop and establish the operation of a comprehensive cybersecurity program. Among many other things, the Model Law requires 1.) planned cybersecurity testing, 2.) board-level involvement with a company’s information security program and 3.) incident response plans for specific breach notification procedures.

In a recent article published by Insurance Journal, A&M Senior Director John deCraen examines the background and enforcement of this piece of cybersecurity legislation, and discusses the significance of South Carolina serving as the first state to adopt it.

Click here to read the full article >