US NAIC 670 – Insurance Information and Privacy Protection Model Act

Operationalize US NAIC 670 compliance with the most comprehensive PrivacyOps platform

Last Updated on September 29, 2023


The National Association of Insurance Commissioners (NAIC) in the United States has developed several model rules and regulations that govern the insurance industry. This includes NAIC Model Regulation 670, a model law titled “US NAIC 670 – Insurance Information and Privacy Protection Model Act.” US NAIC 670 is one of four primary NAIC model laws: the model Insurance Information and Privacy Protection Act (#670), the Insurance Data Security model law (#668), the model Privacy of Consumer Financial and Health Information Regulation (#672), and the model Standards for Safeguarding Customer Information Regulation (#673). These standards govern the collection, use, and disclosure of information in relation to insurance transactions by insurance institutions, agents, or insurance support organizations.

Many US states, including Arizona, California, Connecticut, Georgia, Illinois, Maine, Massachusetts, Nevada, New Jersey, North Carolina, Ohio, Oregon, and Virginia, have adopted the model Insurance Information and Privacy Protection Act (#670). The states of Kansas and Minnesota have adopted or incorporated portions of it, while the state of Montana has adopted 670 as well as regulatory provisions implementing the Act.

The US NAIC 670 outlines how insurance institutions, agents, and insurance support organizations must collect, use, and disclose information related to insurance transactions. It aims to strike a balance between the need for information of those conducting the insurance business and the public's need for fairness in how insurance information is used, including the need to minimize intrusion. It provides a legal framework that allows individuals to know what information is being or has been obtained about them in connection with insurance transactions and to access that information to confirm or challenge its accuracy. It also restricts how information obtained for insurance transactions is shared, and makes it possible for insurance applicants and policyholders to understand the reasons behind any unfavorable underwriting decisions.

The obligations of this Act shall apply to those insurance institutions, agents, or insurance support organizations which, on or after the effective date of this Act:

In the case of life, health, and disability insurance: (a) Collect, receive, or maintain information in connection with insurance transactions that pertain to natural persons who are residents of this state or (b) Engage in insurance transactions with applicants, individuals, or policyholders who are residents of this state, and

In the case of property or casualty insurance: (a) Collect, receive, or maintain information in connection with insurance transactions involving policies, contracts, or certificates of insurance delivered, issued for delivery, or renewed in this state, or (b) Engage in insurance transactions involving policies, contracts or certificates of insurance delivered, issued for delivery or renewed in this state.


The Solution

Securiti enables organizations to comply with US NAIC 670 – Insurance Information and Privacy Protection Model Act through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Securiti supports enterprises' journey toward compliance with US NAIC 670 – Insurance Information and Privacy Protection Model Act through automation, enhanced data visibility, and identity linking.

 


Request a demo to learn how Securiti can aid you and your organization's compliance efforts today.


Assess US NAIC 670 Readiness

US NAIC 670

Utilize Securiti's collaborative readiness assessment template to assess your organization's compliance with NAIC 670 requirements, assess compliance gaps, and mitigate risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance against this standard.


Automate Privacy Notice Creation & Management

US NAIC 670 Sections: 4, 7

Securiti's Privacy Notice Creation and Management module enables organizations to provide a notice of information practices. Privacy notices can be provided when personal information is being collected from individuals, including details on the purposes of data collection, the types of personal information, and a description of the rights of individuals.

Universal Consent Management

US NAIC 670 Sections: 6, 13(A)

Securiti's Universal Consent Management enables organizations to obtain consent/written authorization from individuals to disclose their personal or privileged information concerning an insurance transaction and other data processing activities.


Automate Right to Access Information

US NAIC 670 Sections: 8, 7(A)(2)

Securiti's Data Subject Rights Fulfillment enables organizations to provide access to recorded personal information to individuals upon their request. Individuals can make a written request to access their recorded personal information and medical-record information, as well as the identity of the medical professional or medical care institution. Under NAIC 670, organizations must honor an individual's request within thirty (30) business days from the date the request is received. Organizations can also utilize DSR automation to enable individuals to receive a copy of their investigative consumer reports.

Automate the Right to Correction, Amendment, or Deletion

US NAIC 670 Section: 9

Securiti's Data Subject Rights Fulfillment enables organizations to honor an individual's request to correct, amend, or delete their recorded personal information.


Key Facts about US NAIC 670 – Insurance Information and Privacy Protection Model Act

1. Under NAIC 670, individuals have the right to request access to recorded personal information, disclosure of the insurer's identity, the source of collected information, and the right to amend and delete the collected personal information.

2. The insurer is obligated to provide a written notice on collecting personal information.

3. The insurance institution, agent, or insurance support organization has an obligation not to disclose any personal or privileged information about an individual without the written authorization of the individual unless certain exceptions apply.

4. In addition to issuing a cease and desist order, the Commissioner may order payment of a monetary penalty of not more than $500 for each violation but not to exceed $10,000 in total for multiple violations when a hearing results in the finding of a knowing violation of this Act.

5. Any person who disregards a cease-and-desist order issued by the Commissioner may face one or more penalties at the Commissioner's discretion, following notice and hearing, including: (1) a monetary fine of not more than $10,000 for each violation; (2) if the Commissioner determines that offenses have happened frequently enough to qualify as a regular business practice, a monetary penalty of no more than $50,000; (3) suspension or revocation of an insurance institution's or agent's license.
