By Mahala Miller, Corporate Legal In-house legal departments are turning to generative AI (Gen AI) technology as more than an IT upgrade—it is quickly becoming a transformative force. The adoption...
The legal industry is at a tipping point. Amid record-high first-year salaries, an explosion of lateral partner movement, and an uptick in merger activity, one question looms large for every firm: How...
America’s corporate suites are bracing for the impact of a steady flow of retiring executives, and the legal department is no exception to this demographic trend. The legal industry is “grappling...
In today’s legal market, innovation is central to how firms deliver value, attract talent, and grow profitably. The difference between firms that see marginal gains and those that lead the market...
By Serena Wellen, Vice President of Product Management at LexisNexis Legal and Professional May 22, 2025 A new article from Business Insider has brought yet another legal AI misstep into the spotlight...
* The views expressed in externally authored materials linked or published on this site do not necessarily reflect the views of LexisNexis Legal & Professional.
There has been a push for increased transparency and regulation in the insurance industry regarding consumer data privacy. With an increase in consumer data collection, the threat of ransomware attacks can open your company up to potential litigation or regulatory action if not handled properly.
On February 1, 2023, the National Association of Insurance Commissioners (NAIC) released Insurance Consumer Privacy Protection Model Law #674 to replace both Insurance Information and Privacy Protection Model Act #670 and the Privacy of Consumer Financial and Health Information Regulation #672.
The two previous models had been in place for over two decades with no changes made prior to the introduction of Model #674. This speaks directly to the increased focus that consumer data privacy has received in 2023 as the guidelines can change at almost any moment.
When drafting Model #674, the Privacy Protection Working Group (PPWG) attempted to bring up a few key issues with previous models. The first issue addressed was to enhance transparency of how consumer data is collected and when expressed consent from the consumer is required. This extends to not only the collection of consumer data, but also the sharing data with another entity inside or outside of the United States.
The second issue that was addressed was to ensure that the consumer held the right to have his or her personal information amended if necessary.
The third issue introduces a new record retention requirement instead of the previously accepted “right to be forgotten” provision. There are many additional issues brought up by PPWG when drafting Model #674, which you can see here.
Model #674 tells us that the NAIC is currently in the process of reviewing its historical approaches to regulation of consumer data within the insurance industry and is taking a stricter stance. The new model along with current and future state data privacy laws will shape the way companies are able to handle and use consumer data, in addition to the litigation that they may face for failing to comply. It is of the utmost importance that you can stay up to date on your state’s privacy laws when attempting to draft a new data privacy policy for your company. The State Law Comparison Tool allows you to compare state laws on insurance data security with ease. This can make your life much easier when dealing with compliance issues across multiple states.
The NAIC enacted an additional model law that speaks directly to insurers. This is the Insurance Data Security Model Law, which establishes standards for both data security and for the investigation of cybersecurity events. Almost half of the states in the United States have already adopted this new model with more expected in the coming months.
The regulations impose a series of new requirements upon insurance companies. The first requirement is to conduct annual risk assessments to find any potential weak points that could be exploited. The second requirement is to maintain an information security program. The third requirement is to investigate any cybersecurity events that occur and notify the commissioner of cybersecurity events. In most states that have adopted this model, you are required to notify the commissioner within 3 days. The final requirement is to notify any consumers that were affected to let them know their data has been compromised.
If you would like a more detailed breakdown of the NAIC models, check out the NAIC Data Protection & Cybersecurity Models and Principles for Insurers Video.
Check out this video if you would like to see a breakdown of how data protection policies and procedures should be drafted. It goes into detail regarding the important steps insurance organizations must take to create effective data protection policies and procedures.
The introduction of artificial intelligence into the insurance industry could help assess risk at a higher level, make fraud easier to detect, and reduce human error within your company. A survey conducted by LexisNexis found that 4 in 10 lawyers are already utilizing generative AI to assist in their everyday tasks. Artificial intelligence could change the insurance sector forever, but it does raise some data privacy concerns.
Practical Guidance provides highly useful resources to aid you in drafting an effective insurance policy and procedure for your company. The Data Protection in the Insurance Industry Checklist serves as an outline of important steps that you will need to take to remain compliant. These steps will cover data collection practices, privacy policies, implementation of training, risk assessment, and vendor management.
The Impact of New York Insurance Laws and Regulations on Cybersecurity Video discusses the regulation of data protection for insurers in New York. New York’s unique approach will have lasting impacts on how the rest of the states follow suit with future regulation.
With Lexis+® General Counsel Suite, you can strengthen your work with specialized content through the Insurance practice area, plus leverage practice notes, automated templates, resource kits and more — all while monitoring industry shifts with breaking business and legal news. Try it out with a 7-day free trial.