This post was originally published in October 2018 and verified in September 2023.
There has been a push for increased transparency and regulation in the insurance industry regarding consumer data privacy. With an increase in consumer data collection, the threat of ransomware attacks can open your company up to potential litigation or regulatory action if not handled properly.
On February 1, 2023, the National Association of Insurance Commissioners (NAIC) released Insurance Consumer Privacy Protection Model Law #674 to replace both Insurance Information and Privacy Protection Model Act #670 and the Privacy of Consumer Financial and Health Information Regulation #672.
The two previous models had been in place for over two decades with no changes made prior to the introduction of Model #674. This speaks directly to the increased focus that consumer data privacy has received in 2023 as the guidelines can change at almost any moment.
When drafting Model #674, the Privacy Protection Working Group (PPWG) attempted to raise a few key issues with previous models. The first issue addressed was to enhance transparency of how consumer data is collected and when express consent from the consumer is required. This extends not only to the collection of consumer data, but also to the sharing of data with another entity inside or outside of the United States.
The second issue that was addressed was to ensure that the consumer held the right to have his or her personal information amended if necessary.
The third issue introduces a new record retention requirement instead of the previously accepted “right to be forgotten” provision. There are many additional issues brought up by PPWG when drafting Model #674, which you can see here.
The NAIC enacted an additional model law that speaks directly to insurers. This is the Insurance Data Security Model Law, which establishes standards for both data security and for the investigation of cybersecurity events. Almost half of the states in the United States have already adopted this new model with more expected in the coming months.
The regulations impose a series of new requirements upon insurance companies. The first requirement is to conduct annual risk assessments to find any potential weak points that could be exploited. The second requirement is to maintain an information security program. The third requirement is to investigate any cybersecurity events that occur and notify the commissioner of cybersecurity events. In most states that have adopted this model, you are required to notify the commissioner within 3 days. The final requirement is to notify any consumers that were affected to let them know their data has been compromised.
If you would like a more detailed breakdown of the NAIC models, check out the NAIC Data Protection & Cybersecurity Models and Principles for Insurers Video.
Check out this video if you would like to see a breakdown of how data protection policies and procedures should be drafted. It goes into detail regarding the important steps insurance organizations must take to create effective data protection policies and procedures.
The introduction of artificial intelligence into the insurance industry could help assess risk at a higher level, make fraud easier to detect, and reduce human error within your company. A survey conducted by LexisNexis found that 4 in 10 lawyers are already utilizing generative AI to assist in their everyday tasks. Artificial intelligence could change the insurance sector forever, but it does raise some data privacy concerns.
Practical Guidance provides highly useful resources to aid you in drafting an effective insurance policy and procedure for your company. The Data Protection in the Insurance Industry Checklist serves as an outline of important steps that you will need to take to remain compliant. These steps will cover data collection practices, privacy policies, implementation of training, risk assessment, and vendor management.
The Impact of New York Insurance Laws and Regulations on Cybersecurity Video discusses the regulation of data protection for insurers in New York. New York’s unique approach will have lasting impacts on how the rest of the states follow suit with future regulation.
With Lexis+® General Counsel Suite, you can strengthen your work with specialized content through the Insurance practice area, plus leverage practice notes, automated templates, resource kits and more — all while monitoring industry shifts with breaking business and legal news. Try it out with a 7-day free trial.