The National Association of Insurance Commissioners (“NAIC”) will convene next month in Phoenix, Arizona, for its Spring National Meeting. The Innovation, Cybersecurity, and Technology (H) Committee (the “H Committee”) and its working groups are ratcheting up their work in anticipation of next month’s national meeting. Earlier this week the NAIC announced that issues pertaining to the use of AI by insurers and cyber risk are among its 2024 Strategic Priorities, while two H Committee working groups exposed separate technology-related deliverables for public comment periods closing next month before the Spring National Meeting.
Public Exposures
Among the specific 2024 Strategic Priorities identified is completion of the Cybersecurity Event Response Plan (“CERP”). The purpose of the CERP is to assist state insurance regulators following receipt of notice of a cybersecurity event[1] by an insurance licensee; it includes a draft notification form which, if embraced by states, could significantly simplify cybersecurity event reporting. The most significant change in the current exposed draft from the prior draft is the deletion of lead state language, which was determined to be inconsistent with the requirements of the Insurance Data Security Model Law (#668) (“Model 668”). The purpose behind the previously proposed lead state regulator provisions was to address the challenges licensees face as they must provide functionally simultaneous notice to multiple state regulators as required under Section 6B of Model 668.[2] The Cybersecurity (H) Working Group has exposed the revised CERP for a public comment period ending Tuesday March 5 in the hope that it may be adopted at the Spring National Meeting.
Separately, the E-Commerce (H) Working Group has exposed for a public comment period ending Thursday March 14, 2014, a revised E-Commerce Modernization Guide. This working group has been working on this item for a couple of years now. In fact, part of the impetus for this project was to examine exceptions granted during the pandemic for consideration as permanent reforms, such as digital signatures and digital notices. Industry commenters are generally supportive of the draft guide, though several commenters expressed a preference for a formal bulletin or guidance.
Strategic Priorities
As reported above, finalizing the CERP is an H Committee priority for 2024. Among other priorities are monitoring and supporting adoption of the Model Bulletin on the Use of Artificial Intelligence Systems by Insurers, adopted last December. Consistent with this goal is the creation of a new task force, the Third-Party Data and Models (H) Task Force, which has 25 members, is chaired by Colorado, and will meet at the Spring National Meeting. The Cybersecurity and Big Data & Artificial Intelligence working groups will also meet at the Spring National Meeting. The E-Commerce (H) Working Group, the Technology, Innovation, and InsurTech (H) Working Group, and the Privacy Protections (H) Working Group are not scheduled to meet at the Spring National Meeting. The latter working group spent last year working on a proposed unitary privacy model, which would essentially merge and replace two separate preexisting privacy models and would apply across insurance business lines. The future of the proposed unitary privacy model is uncertain at this time.
Locke Lord will continue to monitor developments within the H Committee and its task forces and working groups. If you have any questions, please reach out to the author or your Locke Lord partner.
[1] “Cybersecurity Event” means an event resulting in unauthorized access to, distribution or misuse of, an Information System or information stored on such Information System.
The term “Cybersecurity Event” does not include the unauthorized acquisition of Encrypted Nonpublic Information if the encryption, process or key is not also acquired, released or used without authorization.
Cybersecurity Event does not include an event with regard to which the Licensee has determined that the Nonpublic Information accessed by an unauthorized person has not been used or released and has been returned or destroyed.
Model 668 Section 3D.
[2] The NAIC is considering other means of lessening the reporting burden on licensees while protecting confidentiality. One option under consideration is a process for licensees to report to the NAIC, which would then distribute to the state regulators. This process would be conceptually similar to the manner in which insurance carriers currently submit annual statements and RBC statements to the NAIC as a central resource for state regulators.