December 12, 2019

NAIC Evaluating Existing Framework for Privacy Regulation

National Association of Insurance Commissioners is examining current privacy model laws and regulations to ensure the proper use and security of insurance consumer data.

The Privacy Protection Working Group of the National Association of Insurance Commissioners (NAIC), which was just formed on October 1, 2019, is moving quickly to evaluate the existing consumer data privacy and security regulatory framework for insurance in the US. The Working Group plans to present its findings with respect to the foregoing at the NAIC’s 2020 Summer National Meeting.

Specifically, the Working Group will evaluate the existing NAIC privacy model laws and regulations including, inter alia, the Insurance Information and Privacy Protection Model Act (Model 670), the Health Information Privacy Model Act (Model 55), and the Privacy of Consumer Financial and Health Information Regulation (Model 672), as well as the California Consumer Privacy Act and the European Union’s General Data Protection Regulation, to identify whether there is a need for new requirements or amendments to any existing NAIC model laws and regulations.

The Working Group plans to provide more detailed guidance with respect to its activities in periodic conference calls over the coming months and has solicited comments from interested parties to help it formulate a view as to what actions should be taken to ensure that insurance consumer data is appropriately used and protected.

On a related point, as of this date nine states have adopted cybersecurity laws along the lines of the NAIC Insurance Data Security Model Law (Model 668).