May 11, 2021

Volume XI, Number 131

Advertisement

May 11, 2021

Subscribe to Latest Legal News and Analysis

May 10, 2021

Subscribe to Latest Legal News and Analysis

Maine and North Dakota Are Latest States to Adopt the NAIC Data Security Model Law

Two more state governors, those of Maine and North Dakota, have signed bills into law that adopt the National Association of Insurance Commissioners (NAIC) data security model law (Model Law). Maine and North Dakota join several other states that have already passed similar laws. Hawaii, Idaho, Illinois, Iowa, Minnesota, Rhode Island, and Wisconsin have similar bills pending.

What is the NAIC Model Law and to Whom Does it Apply?

According to the NAIC, the Model Law “seeks to establish standards for regulators and insurers in order to mitigate the potential damage of a data breach. The law applies to insurers, insurance agents and other entities licensed by the state department of insurance.”

What Does the Model Law Require?

The Model Law requires insurers and regulated entities licensed by state insurance departments to develop, implement, and maintain an information security program based on its risk assessment, with a designated employee in charge of the information security program. The Model Law also requires licensees to investigate a cybersecurity event and notify the state insurance commissioner. Licensees are required to implement an incident response plan.

Both the Maine and the North Dakota laws will not take effect right away. Maine’s Model Law is effective January 1, 2022, with one section regarding compliance with third-party service provider arrangements effective January 1, 2023. The North Dakota law takes effect on August 1, 2022, with one section regarding the obligation to document and report cybersecurity events and related incident response activities effective August 1, 2023.

 

Advertisement
Copyright © 2021 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XI, Number 105
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Deborah A. George, Robinson Cole, Cybersecurity lawyer
Counsel

Deborah George is a member of the firm’s Business Litigation Group as well as its Data Privacy + Cybersecurity Team.

Deb advises clients on and focuses her practice on data privacy and security, cybersecurity, and compliance with related state and federal laws. She also has experience providing counsel in civil litigation and employment law matters.  She has significant experience offering advice and counsel on legal issues related to human services agencies, including Medicaid, as well as  drafting and reviewing contracts, business associate agreements, and data use agreements. ...

401.709.3363
Advertisement
Advertisement