Understanding the impact of the NAIC Data Security Model Law
RECORDED WEBCAST |
In October 2017, the NAIC approved an Insurance Data Security Model Law. This law establishes a legal framework for requiring insurance organizations to operate complete cybersecurity programs, including everything from planned cybersecurity testing and board-level involvement in the information security program to incident response plans and specific breach notification procedures.
Although it is currently only a model law and not enforceable until approved and adopted by individual states, the NAIC has an aggressive goal of encouraging “legislatures or regulatory bodies to adopt the model law, with as few changes as possible, in a majority of states within three years.” Additionally, once a state adopts the law, insurers will only have one year to comply with nearly all the regulations.
The presenters will share an overview of the model law, discuss potential impacts on insurance companies nationwide and explain how to plan for it. In addition, you’ll learn firsthand what examiners are focused on and what RSM professionals have experienced as they’ve examined insurance company data security policies and procedures.