United States of America: Implemented NAIC Data Security Model Act

The NAIC Data Security Model Act was implemented on 1 August 2021, introducing new data protection rules for insurance companies (Minnesota HF 6, Article 3, Sections 5 to 13). The Model Act is a law proposed by the National Association of Insurance Commissioners (NAIC) and has already been enacted by 18 states of the US. The new law aims to serve as a guideline for insurance companies on how to prepare for and react to a potential data breach. It applies to insurers, insurance agents, and other insurance-related entities licensed by the Department of Commerce. All these entities are obliged to (i) to create a plan on how to deal with cybersecurity events; (ii) to implement the plan and to investigate presumed cybersecurity events; and (iii) to notify the Department of Commerce as well as consumers in case of a cybersecurity event.