IDC Names Securiti a Worldwide Leader in Data Privacy


NAIC Model 672 – Privacy of Consumer Financial and Health Information Regulation

Operationalize US NAIC 672 compliance with the most comprehensive PrivacyOps platform

Last Updated on October 10, 2023

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


The National Association of Insurance Commissioners (NAIC) is a US-based non-profit organization governed by the chief insurance regulators from the 50 states, the District of Columbia, and five US territories. In addition to preserving the financial security and solvency of the insurance business, one of NAIC’s main goals is to advance and safeguard the interests of insurance consumers by developing model laws for passage by the state legislatures. One of the several model laws developed by the NAIC to safeguard consumer data privacy and protection is the Privacy of Consumer Financial and Health Information Regulation (Model 672).

Model 672 regulates the handling of nonpublic personal financial information and nonpublic personal health information of individuals (protected private information) by insurers licensed, authorized, or registered under state insurance laws (licensees). Under Model 672, the licensees are required to provide the individuals with privacy notices, comply with different disclosure requirements with respect to the protected private information of individuals, and provide the individuals with opt-out notices to enable them to prevent the disclosure of their information.

Model 672 has been adopted by several US states, including Alabama, Alaska, California, Colorado, Connecticut, Delaware, Florida, Kentucky, Illinois, Indiana, Iowa, Kansas, Louisiana, Maryland, South Carolina, Texas, Tennessee, Utah, Vermont, Washington, and others.

The Solution

Securiti enables organizations to comply with Model 672 through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Securiti supports enterprises' journey toward compliance with Model 672 through automation, enhanced data visibility, and identity linking.


US California CCPA

Request a demo to learn how Securiti can aid you and your organization's compliance efforts today.

Assess Model 672 Readiness

Utilize Securiti's collaborative readiness assessment template to assess your organization's compliance with Model 672 requirements, assess compliance gaps, and mitigate risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance against this standard.

Assess GDPR readiness
data erasure request

Automate Right to Opt-Out

Sections: 8A(1), 8F, 19C

With Securiti's Data Subject Rights Fulfillment capabilities, organizations can effectively honor a consumer's request to opt-out of the disclosure of protected private information.

Automate Opt-Out Notices and Authorizations

Sections: 8A(1), 8A(2)(b), 17B, 19A, 20

Securiti's Universal Consent Management enables organizations to obtain consent/written authorization from individuals to disclose their protected private information.

Automate Privacy Notice Creation & Management

Sections 672: 5A, 6A(1), 7A, 7D, 8A(1), 9A(1), 11(A), 10
Appendix B

Securiti's Privacy Notice Creation and Management module enables organizations to create, publish, and dynamically update their privacy notices in compliance with Model 672.

Key Facts about the NAIC Model 672


Privacy notice: Model 672 requires the licensees to provide the consumers with clear and conspicuous notices that accurately reflect their privacy policies and practices. In addition to initial notices, licensees must also provide their customers with updated privacy notices at least annually.


Disclosure of protected private information: Model 672 prohibits the licensees from disclosing consumers' nonpublic personal financial information with non-affiliated third parties unless they provide the consumers with a privacy notice, opt-out notice, and reasonable opportunity to opt-out.


Opt-out notice: The opt-out notice provided by a licensee to a consumer must cover the licensee’s right to disclose the protected private information of consumers with non-affiliated third parties, the consumers’ right to opt-out of such disclosure, and the reasonable means through which consumers can exercise their right to opt-out of such disclosure.


Authorization for disclosure: Model 672 requires the licensees to obtain valid written or electronic authorization from consumers before disclosing their nonpublic personal health information.


Non-discrimination: Model 672 expressly prohibits licensees from unfair discrimination against consumers based on their exercise of the right to opt-out of disclosure of protected private information.

Forrester Names Securiti a Leader in the Privacy Management Wave Q4, 2021

Read the Report
Forrester Wave

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report
IDC MarketScape

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.


Gartner Cool Vendor Award Forrester Badge IAPP Innovation award 2020 IDC Worldwide Leader RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend