The American Bankers Association today submitted comments to the National Association of Insurance Commissioners on its draft of the insurance data security model law, which would establish data security and data breach notification standards for insurance licensees (insurers and insurance agencies). ABA requested that the association add language to the draft stating that bank-affiliated insurance agencies be considered in compliance with the model law if their bank affiliates are in compliance with existing interagency data security standards.
ABA noted that the proposed model law for insurance licensees is very similar to existing guidance already followed by banks, and that in most cases, banks and their affiliated insurance agencies use the same information system to manage their customer data. By adding the proposed language, bank-affiliated insurance agencies would be allowed to comply with one set of requirements regarding cybersecurity, ABA said.
In addition, ABA requested that the model law be revised to allow insurance licensees more time to report a cybersecurity event to an insurance regulator. As currently drafted, they have only 72 hours to report an incident. For more information, contact ABA’s Sarah Ferman.