United States of America: Adopted NAIC Data Security Model Act

The NAIC Data Security Model Act is adopted by the Minnesota Legislature and signed by the Minnesota Governor on 26 June 2021, introducing new data protection rules for insurance companies (Minnesota HF 6, Article 3, Sections 5 to 13). The Model Act is a law proposed by the National Association of Insurance Commissioners (NAIC) and has already been enacted by 18 states of the US. The new law aims to serve as a guideline for insurance companies on how to prepare for and react to a potential data breach. It applies to insurers, insurance agents, and other insurance-related entities licensed by the Department of Commerce. All these entities are obliged to (i) to create a plan on how to deal with cybersecurity events; (ii) to implement the plan and to investigate presumed cybersecurity events; and (iii) to notify the Department of Commerce as well as consumers in case of a cybersecurity event.