IDC Names Securiti a Worldwide Leader in Data PrivacyView
Customers are increasingly concerned and vigilant about their sensitive data. Naturally, they expect any organization they trust with such data to undertake every possible measure on their part to protect such data.
The Standards for Safeguarding Customer Information Model Regulation (Regulation) is a set of guidelines issued by the National Association of Insurance Commissioners (NAIC) - a US-based non-profit standard-setting organization governed by the chief insurance regulators from the 50 states, the District of Columbia, and five US territories. The Regulation provides vital standards that organizations can adopt to guarantee the confidentiality and integrity of all non-public personal information of their customers.
Several US states, including Alabama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, Florida, and others, have adopted the Regulation so far.
Read on to learn more about what obligations it places on organizations and the best tools that can be leveraged to address these obligations.
The Regulation establishes standards for the insurers licensed, authorized, or registered under state insurance laws (licensees) to develop and implement administrative, technical, and physical safeguards for protecting customer information's security, confidentiality, and integrity pursuant to sections 501, 505(b), and 507 of the federal Gramm-Leach-Bliley Act.
Additionally, the Regulation also applies to insurance agents, brokers, and third-party service providers that work with such organizations and individuals and have access to the non-public personal information of customers.
Here are definitions for some critical terms mentioned in the Regulation:
Any non-public personal information about a customer in any electronic or non-electronic format maintained by or on behalf of a licensee.
Licensee refers to all licensed insurers, producers, and other persons licensed or required to be licensed, authorized, or required to be authorized, registered, or required to be registered. This does not include a purchasing group or an unauthorized insurer.
A service provider maintains, processes, or otherwise is permitted access to customer information by providing services directly to the licensee.
Here are the obligations of each licensee per the Regulation:
Licensees are required to implement a comprehensive information security program. This program should include all relevant administrative, technical, and physical safeguards for the protection of customer information. All such administrative, technical, and physical safeguards should be appropriate per the size and complexity of the licensee’s scope of activities.
Additionally, the information security program should be designed in such a way that it:
The licensees must also monitor, evaluate, and adjust their information security program owing to any changes in technology, the sensitivity of customer information, the emergence of new internal and external threats to information, and their own business situations such as mergers, acquisitions, alliances, and joint ventures, that may directly impact the customer information system.
The Regulation requires the licensees to:
The licensees are required to:
The Regulation mandates the licensees to:
Securiti is the pioneer of the Data Command Center, a centralized platform that enables the safe use of data and GenAI. It provides unified data intelligence, controls, and orchestration across hybrid multicloud environments. Large global enterprises rely on Securiti's Data Command Center for data security, privacy, governance, and compliance solutions.
These solutions, such as vendor risk assessment, breach management, access governance, assessment automation that automate the records of processing (RoPA) reports, privacy impact assessments, and data protection impact assessments, will prove vital for any organization aiming to comply with the Standards for Safeguarding Customer Information Model Regulation.
Request a demo today and learn more about how Securiti can help you in this compliance journey.