In 2017, the National Association of Insurance Commissioners adopted a Data Security Model Law and states have been quick to respond. So far, South Carolina has been the only state to adopt the actual model with no modifications –which isn’t too surprising considering South Carolina’s Insurance Director, Ray Farmer, led the Cybersecurity Working Group at the NAIC.

Other states, including Michigan, Mississippi, Alabama, New Hampshire and Ohio have all enacted/adopted the NAIC model with at least some of the industry recommended amendments.

As these bills are moving quickly through state legislatures, NAIFA chapters are lobbying for the inclusion of a set of industry-supported amendments to the NAIC model. In addition, NAIFA advocates are pushing for a brief set of producer-specific amendments that did not make it into the package of industry amendments, but are of some importance to agents in particular. These amendments can be found here:

• Industry Suggested Revisions to NAIC Cybersecurity Model Law
• Big I and NAIFA Proposed Revisions to Industry Revised NAIC Cyber Model

If you have any questions about the NAIC Cybersecurity Model or industry-supported amendments, please contact NAIFA Vice President of Government Relations, Gary Sanders at gsanders@naifa.org.