IDC Names Securiti a Worldwide Leader in Data PrivacyView
Last Updated on September 25, 2023
The "Insurance Data Security Model Law," or NAIC Model Regulation 668, was developed by the National Association of Insurance Commissioners (NAIC) in the United States. This model law establishes cybersecurity standards and requirements for insurance companies to protect nonpublic information's confidentiality, integrity, and availability.
The NAIC Model 668 applies to licensees who are defined as persons licensed, authorized to operate, or registered, or required to be licensed, authorized, or registered pursuant to the insurance laws of the state but shall not include a purchasing group or risk retention group chartered and licensed in a state other than this state or a licensee that is acting as an assuming insurer that is domiciled in another state or jurisdiction.
The NAIC Model Regulation 668 acts as a model or template that other U.S. states can use as a starting point for developing their own regulatory frameworks. As a result, each state may vary in terms of specific requirements and details of the regulation.
The NAIC Model Regulation 668 is one of the four primary model NAIC Laws. The other three laws are the model Insurance Information and Privacy Protection Act (#670), the model Privacy of Consumer Financial and Health Information Regulation (#672), and the model Standards for Safeguarding Customer Information Regulation (#673). These standards govern the collection, use, and disclosure of information in relation to insurance transactions made by insurance institutions, agents, or insurance support organizations. The NAIC Model Regulation 668 imposes cybersecurity obligations concerning personally identifiable information.
The NAIC Model 668 has been adopted by several US states, including Alabama, Connecticut, Delaware, Indiana, Iowa, Louisiana, Maine, Maryland, Michigan, Minnesota, Mississippi, New Hampshire, New York, North Dakota, South Carolina, Tennessee, Virginia, Wisconsin, and Ohio.
Securiti enables organizations to comply with US NAIC 668 – Insurance Data Security Model Law through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
Securiti supports enterprises' journey toward compliance with US NAIC 668 – Insurance Data Security Model Law through automation, enhanced data visibility, and identity linking.
US NAIC 668 Section: 2
Utilize Securiti's collaborative readiness assessment template to assess your organization's compliance with NAIC 668 requirements, assess compliance gaps, and mitigate risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance against this standard.
US NAIC 668 Sections: 4(H), 6
Securiti's Breach Management enables organizations to create an incident response plan to respond effectively to security incidents that compromise the confidentiality, integrity, or availability of information. It assists organizations in making breach notifications to relevant stakeholders as per the requirements of the industry law and applicable laws.
US NAIC 668 Section: 5
Securiti's Assessment Automation allows organizations to assess the nature and scope of security incidents with the help of breach and breach risk severity assessments. The assessments facilitate organizations to identify what information has been breached, restore security, take reasonable measures in order to protect any unauthorized acquisition or disclosure of information and identify which parties are required to be notified of the breach.
US NAIC 668 Sections: 4(C), 4(F)
Securiti's Assessment Automation enables organizations to assess safeguards in place for protecting data and associated risks and assess and mitigate third-party risks.
US NAIC 668 Sections: 4(C)(5), 4(D)
Securiti's Data Security Posture Management module allows organizations to identify and implement appropriate security controls.
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
300 Santana Row
San Jose, CA 95128