Insurance Data Security Model

The NAIC is a standard-setting and regulatory support organization consisting of the top insurance regulators from the 50 states, District of Columbia, and five U.S. territories. The NAIC formally adopted the model law in October 2017.

“(1) A Licensee shall exercise due diligence in selecting its Third-Party Service Provider; and
(2) A Licensee shall require a Third-Party Service Provider to implement appropriate administrative,
technical, and physical measures to protect and secure the Information Systems and Nonpublic
Information that are accessible to, or held by, the Third-Party Service Provider.“