
US NAIC 670 – Insurance Information and Privacy Protection Model Act

Operationalize US NAIC 670 compliance with the most comprehensive PrivacyOps platform

Last Updated on September 29, 2023


The National Association of Insurance Commissioners (NAIC) in the United States has developed several model rules and regulations that govern the insurance industry. These include NAIC Model Regulation 670, a model law titled “US NAIC 670 – Insurance Information and Privacy Protection Model Act.” US NAIC 670 is one of the set of four primary NAIC model laws: the model Insurance Information and Privacy Protection Act (#670), the Insurance Data Security Model Law (#668), the model Privacy of Consumer Financial and Health Information Regulation (#672), and the model Standards for Safeguarding Customer Information Regulation (#673). These standards govern the collection, use, and disclosure of information in relation to insurance transactions by insurance institutions, agents, or insurance support organizations.

Many US states, including Arizona, California, Connecticut, Georgia, Illinois, Maine, Massachusetts, Nevada, New Jersey, North Carolina, Ohio, Oregon, and Virginia, have adopted the model Insurance Information and Privacy Protection Act (#670). Kansas and Minnesota have adopted or incorporated portions of it, while Montana has adopted 670 together with regulatory provisions implementing the Act.

US NAIC 670 outlines how insurance institutions, agents, and insurance support organizations must collect, use, and disclose data related to insurance transactions. Its stated aims are: to strike a balance between the information needs of those conducting the business of insurance and the public's need for fairness in how insurance information is used, including the need to minimize intrusion; to provide a legal framework that lets individuals know what information is being or has been obtained about them in connection with insurance transactions and gives them access to that information so they can confirm or challenge its accuracy; to restrict how information obtained for insurance transactions is shared; and to enable insurance applicants and policyholders to understand the reasons behind any adverse underwriting decisions.

The obligations of this Act apply to those insurance institutions, agents, or insurance support organizations which, on or after the effective date of this Act:

1. In the case of life, health, and disability insurance: (a) collect, receive, or maintain information in connection with insurance transactions that pertain to natural persons who are residents of this state, or (b) engage in insurance transactions with applicants, individuals, or policyholders who are residents of this state; and

2. In the case of property or casualty insurance: (a) collect, receive, or maintain information in connection with insurance transactions involving policies, contracts, or certificates of insurance delivered, issued for delivery, or renewed in this state, or (b) engage in insurance transactions involving policies, contracts, or certificates of insurance delivered, issued for delivery, or renewed in this state.


The Solution

Securiti enables organizations to comply with US NAIC 670 – Insurance Information and Privacy Protection Model Act through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Securiti supports enterprises' journey toward compliance with US NAIC 670 – Insurance Information and Privacy Protection Model Act through automation, enhanced data visibility, and identity linking.



Assess US NAIC 670 Readiness

Utilize Securiti's collaborative readiness assessment template to assess your organization's compliance with NAIC 670 requirements, assess compliance gaps, and mitigate risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance against this standard.

Automate Privacy Notice Creation & Management

US NAIC 670 Sections: 4, 7

Securiti's Privacy Notice Creation and Management module enables organizations to provide a notice of information practices. Privacy notices can be provided when personal information is being collected from individuals, including details on the purposes of data collection, the types of personal information, and a description of the rights of individuals.

Universal Consent Management

US NAIC 670 Sections: 6, 13(A)

Securiti's Universal Consent Management enables organizations to obtain consent/written authorization from individuals to disclose their personal or privileged information concerning an insurance transaction and other data processing activities.

Automate Right to Access Information

US NAIC 670 Sections: 8, 7(A)(2)

Securiti's Data Subject Rights Fulfillment enables organizations to provide individuals with access to their recorded personal information upon request. Individuals can make a written request to access their recorded personal information and medical-record information, as well as the identity of the medical professional or medical care institution that supplied it. Under NAIC 670, organizations must honor such a request within thirty (30) business days from the date it is received. Organizations can also use DSR automation to let individuals receive a copy of their investigative consumer reports.

Automate the Right to Correction, Amendment, or Deletion

US NAIC 670 Section: 9

Securiti's Data Subject Rights Fulfillment enables organizations to honor an individual's request to correct, amend, or delete their recorded personal information.

Key Facts about US NAIC 670 – Insurance Information and Privacy Protection Model Act

1. Under NAIC 670, individuals have the right to request access to their recorded personal information, disclosure of the insurer's identity and the source of the collected information, and the right to amend and delete the collected personal information.

2. The insurer is obligated to provide a written notice of its information practices when collecting personal information.

3. The insurance institution, agent, or insurance support organization must not disclose any personal or privileged information about an individual without the individual's written authorization unless certain exceptions apply.

4. When a hearing results in a finding of a knowing violation of this Act, the Commissioner may, in addition to issuing a cease-and-desist order, order payment of a monetary penalty of not more than $500 for each violation, not to exceed $10,000 in total for multiple violations.

5. Any person who disregards a cease-and-desist order issued by the Commissioner may face one or more penalties at the Commissioner's discretion, following notice and hearing, including: (1) a monetary fine of not more than $10,000 for each violation; (2) a monetary penalty of not more than $50,000 if the Commissioner determines that violations have occurred with such frequency as to constitute a general business practice; and (3) suspension or revocation of the insurance institution's or agent's license.
