Last Updated on September 29, 2023
The National Association of Insurance Commissioners (NAIC) in the United States has developed several model rules and regulations that govern the insurance industry. These include NAIC Model Regulation 670, a model law titled “US NAIC 670 – Insurance Information and Privacy Protection Model Act.” US NAIC 670 is one of the four primary NAIC model laws: the model Insurance Information and Privacy Protection Act (#670), the Insurance Data Security model law (#668), the model Privacy of Consumer Financial and Health Information Regulation (#672), and the model Standards for Safeguarding Customer Information Regulation (#673). These standards govern the collection, use, and disclosure of information in relation to insurance transactions by insurance institutions, agents, or insurance support organizations.
Many US states, including Arizona, California, Connecticut, Georgia, Illinois, Maine, Massachusetts, Nevada, New Jersey, North Carolina, Ohio, Oregon, and Virginia, have adopted the model Insurance Information and Privacy Protection Act (#670). The states of Kansas and Minnesota have adopted or incorporated portions of it, while the state of Montana has adopted 670 as well as regulatory provisions implementing the Act.
The US NAIC 670 outlines guidelines for how insurance institutions, agents, and insurance support organizations must collect, utilize, and disclose data related to insurance transactions. Its purposes are to balance the information needs of those conducting the business of insurance against the public's requirement for fairness in how insurance information is used, including the need to minimize intrusion; to provide a legal framework that allows individuals to know what information is being or has been obtained about them in connection with insurance transactions, and to access that information to confirm or challenge its accuracy; to restrict how information obtained for insurance transactions is shared; and to make it possible for insurance applicants and policyholders to understand the reasons behind any unfavorable underwriting decisions.
The obligations of this Act shall apply to those insurance institutions, agents, or insurance support organizations which, on or after the effective date of this Act:
In the case of life, health, and disability insurance: (a) Collect, receive, or maintain information in connection with insurance transactions that pertain to natural persons who are residents of this state or (b) Engage in insurance transactions with applicants, individuals, or policyholders who are residents of this state, and
In the case of property or casualty insurance: (a) Collect, receive, or maintain information in connection with insurance transactions involving policies, contracts, or certificates of insurance delivered, issued for delivery, or renewed in this state, or (b) Engage in insurance transactions involving policies, contracts or certificates of insurance delivered, issued for delivery or renewed in this state.
Securiti enables organizations to comply with US NAIC 670 – Insurance Information and Privacy Protection Model Act through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
Securiti supports enterprises' journey toward compliance with US NAIC 670 – Insurance Information and Privacy Protection Model Act through automation, enhanced data visibility, and identity linking.
US NAIC 670
Utilize Securiti's collaborative readiness assessment template to assess your organization's compliance with NAIC 670 requirements, assess compliance gaps, and mitigate risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance against this standard.
US NAIC 670 Sections: 4, 7
Securiti's Privacy Notice Creation and Management module enables organizations to provide a notice of information practices. Privacy notices can be provided when personal information is being collected from individuals, including details on the purposes of data collection, the types of personal information, and a description of the rights of individuals.
US NAIC 670 Sections: 6, 13(A)
Securiti's Universal Consent Management enables organizations to obtain consent/written authorization from individuals to disclose their personal or privileged information concerning an insurance transaction and other data processing activities.
US NAIC 670 Sections: 8, 7(A)(2)
Securiti's Data Subject Rights Fulfillment enables organizations to provide access to recorded personal information to individuals upon their request. Individuals can make a written request to access their recorded personal information, medical-record information, as well as the identity of the medical professional or medical care institution, and as per the NAIC 670, organizations must honor an individual's request within thirty (30) business days from the date such request is received. Organizations can also utilize DSR automation to enable individuals to receive a copy of their investigative consumer reports.
US NAIC 670 Section: 9
Securiti's Data Subject Rights Fulfillment enables organizations to honor an individual's request to correct, amend, or delete their recorded personal information.