July 1, 2022

Volume XII, Number 182

Advertisement
Advertisement

July 01, 2022

Subscribe to Latest Legal News and Analysis

June 30, 2022

Subscribe to Latest Legal News and Analysis

June 29, 2022

Subscribe to Latest Legal News and Analysis

June 28, 2022

Subscribe to Latest Legal News and Analysis

Kentucky is The Latest State to Adopt the NAIC Insurance Data Security Model Law

Kentucky Governor Andy Beshear recently signed House Bill 474 to become the latest state to enact data insurance security legislation. The new law is modeled after the data security law of the National Association of  Insurance Commissioners (NAIC). Licensees with more than 50 employees who are authorized to operate, or are registered under the insurance laws of Kentucky, must comply with the new law. The law requires that licensees comply with data security provisions such as developing a written information security program, investigating and reporting cybersecurity events to the insurance commissioner within three days, and conducting risk assessments.

Although the law takes effect on January 1, 2023, licensees will have one year from its effective date of the law to implement many provisions of the law, including performing the risk assessment, establishing the written information security program, and designating an individual or vendor who is responsible for the information security program. The law also states the licensees have two years to design and implement a full information security program.

We previously wrote about the NAIC Model Law when Maine and North Dakota enacted similar laws. Our latest count is that now 21 states have enacted similar laws, some with slight variations as to notification periods, timelines, or definitions.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XII, Number 111
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Deborah A. George, Robinson Cole, Cybersecurity lawyer
Counsel

Deborah George is a member of the firm’s Business Litigation Group as well as its Data Privacy + Cybersecurity Team.

Deb advises clients on and focuses her practice on data privacy and security, cybersecurity, and compliance with related state and federal laws. She also has experience providing counsel in civil litigation and employment law matters.  She has significant experience offering advice and counsel on legal issues related to human services agencies, including Medicaid, as well as  drafting and reviewing contracts, business associate agreements, and data use agreements. ...

401.709.3363
Advertisement
Advertisement
Advertisement