John S. Pruitt, Mary Jane Wilson-Bilik and John Allen Zumpetta of Sutherland Asbill & Brennan LLP write:
On August 17, the National Association of Insurance Commissioners (the NAIC) Cybersecurity (EX) Task Force (the Task Force) released for comment a revised draft Insurance Data Security Model Law (the Model Law). This Model Law purports to “establish exclusive standards . . . for data security and investigation and notification of a data breach” for “any person or entity licensed, authorized to operate, or registered” pursuant to an enacting state’s insurance laws. When first presented in April, the Model Law generated more than 40 comment letters from trade associations, market participants and regulators. It also was the subject of a spirited discussion at the Spring National Meeting and a two-day interim meetingin which interested parties and regulators discussed issues raised by the Model Law.
Read more on Lexology.