NAIC Model Laws
National Association of Insurance Commissioners Insurance Data Security Model Law
Model cybersecurity law for the insurance industry, adopted by US states.
What is NAIC Model Laws?
The NAIC Insurance Data Security Model Law (MDL-668) establishes standards for data security and investigation of cybersecurity events applicable to insurance companies, agents, and other licensed entities. Developed by the National Association of Insurance Commissioners, the model law has been adopted by numerous states.
The model law requires licensees to develop, implement, and maintain an information security program; conduct risk assessments; implement security measures based on the risk assessment; oversee third-party service providers; investigate cybersecurity events; and notify the insurance commissioner of qualifying events.
Who Needs NAIC Model Laws?
- Insurance companies
- Insurance agencies
- Managing General Agents (MGAs)
- Third-party administrators
- InsurTech companies
Key Requirements
Core compliance areas for NAIC Model Laws
Information Security Program
Develop and maintain a comprehensive written information security program.
Risk Assessment
Conduct periodic risk assessments of information systems and nonpublic information.
Third-Party Oversight
Exercise due diligence in selecting and monitoring third-party service providers.
Incident Response
Establish an incident response plan and investigate cybersecurity events promptly.
Annual Certification
Submit an annual certification of compliance to the state insurance commissioner.
Benefits of NAIC Model Laws Compliance
- Insurance license compliance
- Consistent approach across states
- Protection of policyholder information
- Reduced breach risk
- Foundation for security program
- Regulatory relationship management
How PartnerAlly Helps with NAIC Model Laws
Streamline your path to NAIC Model Laws compliance with our AI-powered platform.