As the insurance industry's standard-setting body plows ahead on a model law outlining how insurers must safeguard consumers' information and respond in the event of a data breach, experts say it will encounter resistance from insurers challenging the proposal's breach notification requirements and consumer groups looking for stronger policyholder protections.
The National Association of Insurance Commissioners is collecting public comments through mid-September on a revised draft of the insurance data security model law, which is designed to set exclusive standards for information security and data breach notification practices for insurance companies, agents and brokers. Since the model law was first rolled out in March, it has drawn intense criticism, with some insurance sector representatives decrying what they say are overly stringent notice requirements and consumer advocates expressing concerns that the proposal offers narrower protections for breach victims than existing state privacy laws.
While the NAIC's revisions have assuaged some of that unease, experts say heated debate will continue on the model law, which regulators are aiming to finalize by year's end.