Andreas Kaltsounis and Shea M. Leitch of BakerHostetler write:
Three states recently enacted variations of the National Association of Insurance Commissioner’s (NAIC) Insurance Data Security Model Law (MDL-668), based on the landmark cybersecurity requirements issued by the New York Department of Financial Services (NYDFS) in March 2017. The NYDFS requirements apply to certain banking, insurance and financial service entities licensed in the state of New York. The legislative trend based on the NAIC model law prescribes detailed cybersecurity requirements for insurance-related entities. South Carolina led the pack, enacting the Insurance Data Security Act in May 2018. Ohio and Michigan followed suit in December, and other states appear poised to consider similar legislation.
Read more on Data Privacy Monitor.