In October 2017, the National Association of Insurance Commissioners (NAIC) adopted the Insurance Data Security Model Bill, also known as the NAIC “Model Law.”
NAIC’s Model Law seeks to establish a guiding framework that provides actionable expectations to regulated entities so they can develop and establish the operation of a comprehensive cybersecurity program. Among many other things, the Model Law requires 1.) planned cybersecurity testing, 2.) board-level involvement with a company’s information security program and 3.) incident response plans for specific breach notification procedures.
In a recent article published by Insurance Journal, A&M Senior Director John deCraen examines the background and enforcement of this piece of cybersecurity legislation, and discusses the significance of South Carolina serving as the first state to adopt it.