Topic: Privacy/Data Security/Cyber Risk

NAIC H Committee Pre-Fall National Meeting

This coming Friday the Big Data & Artificial Intelligence (H) Working Group, the Privacy ‎Protections (H) Working Group, and the Innovation, Cybersecurity, and Technology (H) ‎Committee will all meet as part of the Fall National Meeting of the National Association of ‎Insurance Commissioners (“NAIC”) in Orlando, Florida. Data use, data retention, and artificial ‎intelligence (“AI”) will be the big topics at the Fall National Meeting. Other H Committee ‎affiliated working groups will not be meeting at the Fall National Meeting; however, those ‎working groups met earlier over the fall and are moving their workstreams forward.‎

Read More

Colorado Proposes Guidance Bulletins for Life Algorithms & Predictive ‎Models Regulation

On November 20, 2023, the Division of Insurance of the Colorado Department of Regulatory Agencies (“DORA”), published for a 9 day public comment period two proposed bulletins which would provide clarifying guidance on the implementation of Colorado Insurance Regulation 10-1-1: Governance of Risk Management Framework Requirements for Life Insurer’s Use of External Consumer Data and Information Sources, Algorithms, and Predictive Models, which was adopted in September 2023 pursuant to SB21-169.

Read More

NAIC’s Work on Privacy Model Grinds On

The NAIC’s Privacy Protections (H) Working Group met over the weekend as part of the NAIC’s Summer National Meeting. The working group announced that later in the year it will seek an extension on its efforts to create a unified privacy model act (#674) which will likely push back final adoption into sometime next year. Multiple states have publicly announced that they will not support the current proposed Version 1.2, and at least one state referred to it as fundamentally flawed. The opposed states do not want to move forward with the current version. The Chair announced that the working group will continue to receive public comments while it digests comments previously received and continues the direct one-on-one outreach to companies and trades.

Read More

NAIC Picking Up Steam as it Drafts New Privacy Model

Since the NAIC Spring National Meeting in late March, the Privacy Protections (H) Working Group has continued its work to draft a new unitary privacy model. Over April, the Working Group met one-on-one with industry and interested parties. Since then, the Working Group met twice to receive public comments on discrete topics. The Working Group will ratchet up that level of activity with two full days of in-person public drafting sessions, starting this week. The Working Group plans to circulate a new full draft by the end of the month followed by three more meetings to receive public comments before the Summer National Meeting in August.

Read More

NAIC Privacy Protections Working Group Moves Forward to Revise Consumer Privacy ‎‎Protections Model Act

The NAIC is developing a new Consumer Privacy Protections Model Act (# 674) which will ‎replace the preexisting Insurance Information & Privacy Protection Model Act (# 670) and ‎Privacy of Consumer Financial & Health Information Regulation (# 672).‎ ‎ The Working Group ‎exposed its first draft on January 31 for a 60-day public comment period which closes April 3. ‎Yesterday at the NAIC Spring National Meeting, the Working Group adopted a work plan which ‎lays out a detailed schedule across the spring and summer for regulatory only meetings, ‎consultations with industry, and open sessions, including public comment periods and final ‎approval at the Fall National Meeting in December. ‎

Read More

A New Type of ILS Investment – Cyber Insurance CAT Bonds

Specialty insurer Beazley sponsored the first Cyber Insurance Catastrophe (CAT) bond recently, a new type of ILS or insurance linked security issued by a Bermuda entity. They announced the $45 million private placement on January 9, 2023. The bonds provide investors with a generous floating rate of interest and a return of principal in one year, provided that no single catastrophic event occurs across Beazley’s portfolio of cyber insurance policies that results in more than $300 million of losses. Any losses above $300 million incurred by Beazley on those policies as a result of that one event would be absorbed by the investors, up to the $45 million principal amount. The deal was marketed under an NDA, so not all of the details are available, but the bonds will not protect against losses from a state-sponsored cyberattack, which is typically excluded from cyber insurance policies as an act of war.

Read More




Email the Editor

Click here to Email the Editor

Locke Lord LLP

For the latest information about our Firm visit