The National Association of Insurance Commissioners (NAIC) is a US-based non-profit organization governed by the chief insurance regulators from the 50 states, the District of Columbia, and five US territories. In addition to preserving the financial security and solvency of the insurance business, one of NAIC’s main goals is to advance and safeguard the interests of insurance consumers by developing model laws for passage by the state legislatures. One of the several model laws developed by the NAIC to safeguard consumer data privacy and protection is the Standards for Safeguarding Customer Information Model Regulation (Model 673).
Model 673 establishes standards for the insurers licensed, authorized, or registered under state insurance laws (licensees) to develop and implement administrative, technical, and physical safeguards for protecting customer information's security, confidentiality, and integrity pursuant to sections 501, 505(b), and 507 of the federal Gramm-Leach-Bliley Act. Under Model 673, the licensees are required to implement a comprehensive written information security program, regularly assess the foreseeable internal and external threats to the protection of customer information, and keep the information security program updated in light of changing technology and other relevant factors.
Model 673 has been adopted by several US states, including Alabama, Alaska, Arizona, California, Colorado, Connecticut, Delaware, Florida, Illinois, Iowa, Maine, Minnesota, Missouri, Montana, Nebraska, New Jersey, New York, Oregon, Utah, Virginia, Wyoming and others.
