Maine One of Latest States to Enact NAIC-Inspired Insurance Data Security Act
Maine is one of the latest states to enact its own version of the National Association of Insurance Commissioners (NAIC) model data security law, signing the Maine Insurance Data Security Act into law on March 17.
The NAIC Insurance Data Security Model Law was formally adopted in 2017 and aims to establish data security standards for regulators and insurers to mitigate damage from a data breach. It has since been adopted by several U.S. states, with Maine and North Dakota being two of the latest.
“The NAIC model development has received wide attention in the industry from interested parties, including trade groups representing insurers and producers,” Maine Bureau of Insurance Superintendent Eric Cioppa told Insurance Journal in emailed comments. “…Maine has actively participated in the development of the NAIC model law, which Maine’s new law is based upon.”
To embed, copy and paste the code into your website or blog:
Maine has become the latest state to adopt a version of the National Association of Insurance Commissioners (NAIC) model cybersecurity law. Signed into law on March 17, 2021, the Maine Insurance Data Security Act establishes investigation procedures, data security program standards, and notification requirements for persons authorized or registered to operate pursuant to the insurance laws of Maine (licensees), with the aim of protecting the security and confidentiality of non-public information and the security of the licensee s information systems. Licensees with fewer than ten employees are exempt.
Like the NAIC model law and the New York State Department of Financial Services Cybersecurity Regulation that inspired it, the Act requires licensees to develop, implement, and maintain a written information security program to protect the licensee s systems and non-public information. These programs must be proportionate t