Recently, a task force of the National Association of Insurance Commissioners (NAIC) offered a draft of their Insurance Data Security Model Law for public comment. The model law aims to establish not only exclusive standards within the insurance industry for data security, but also strict notification requirements if consumers’ personal information is breached.
The model law anticipates penalties that would initially range from $500 to $10,000, but repeated violations could lead to a $50,000 fine or suspension of a state license. The task force hopes to receive comments by March 23, after which it will consider revisions and offer the model law for formal approval by NAIC’s Executive Committee. State legislatures would then decide whether to adopt a version of the law for their state.
TIP: This proposed model law signals that state insurance regulators are very concerned about privacy and data security. Companies who might be covered by such a model law, if implemented in relevant states, may wish to submit comments about the model law by email before March 23.