All Things Newz
Law \ Legal

US NAIC Summer 2022 National Meeting Key Takeaways: Innovation, Cybersecurity, And Technology – Insurance Laws and Products

To print this article, all you need is to be registered or login on

At the Summer 2022 National Meeting of the US National
Association of Insurance Commissioners (“NAIC”), the
Innovation, Cybersecurity, and Technology (H) Committee (“ICT
Committee”) and two of its subgroups—the Privacy
Protections (H) Working Group (“PP Working Group”) and
the Big Data and Artificial Intelligence (H) Working Group
(“BDAI Working Group”)—met. The focus of the ICT
Committee and its working groups spans significant areas of
development and innovation in the insurance industry; accordingly,
they are carrying on work on multiple fronts that will affect the
insurance business in coming years. Below are highlights from the

Privacy Protections (H) Working Group

The PP Working Group met on August 9, 2022, and heard updates on
state and federal privacy legislation. Currently five US states
have passed comprehensive data privacy laws—California,
Colorado, Connecticut, Virginia, and Utah. In addition, six US
jurisdictions have pending data privacy legislation. However, given
that these bills are still in their committees of origin, there has
not been much movement with respect to them. At the federal level,
on July 20, 2022, the House Energy and Commerce Committee passed
the American Data Privacy and Protection Act (“ADPPA”).
The PP Working Group highlighted that, under the current draft of
the ADPPA, entities subject to the Gramm-Leach-Bliley Act
(“GLBA”) and the Health Insurance Portability and
Accountability Act (“HIPAA”) are not exempt but, rather,
are deemed to comply with the ADPPA if they comply with the GLBA or
HIPAA, as applicable.

The PP Working Group also received an update from the drafting
group of the white paper on Consumer Data Ownership and Use, which
is expected to be exposed for public comment in December 2022. The
white paper will cover current and historical work by the NAIC with
respect to data, data usage, and data protection; a history of laws
at the NAIC, federal, and state levels with respect to data, data
usage, and data protection; the different types of data, with a
particular focus on personal data; how consumers’ personal data
is collected, used, and processed in insurance transactions; the
legal and economic construct of data and how it differs from other
types of property; recommendations on who is the owner, if anyone,
of data in insurance transactions; and expectations with respect to
data usage and data protections.

Finally, the PP Working Group requested approval to begin work
on amending the NAIC’s Insurance Information and Privacy
Protection Model Act
(#670) and the NAIC’s Privacy of
Consumer Financial and Health Information Regulation
which was ultimately granted by the Executive (EX) Committee. The
PP Working Group stated that its intent was to create a new model
law to replace both Model Law #670 and Model Regulation #672.

Big Data and Artificial Intelligence (H) Working Group

The BDAI Working Group met on August 10, 2022, and received
reports from several of its workstreams. Commissioner Gaffney of
Vermont gave a report on the Artificial Intelligence
(“AI”)/Machine Learning (“ML”) Survey
workstream, which is analyzing the results of the AI/ML Survey for
the private passenger auto line of business. The subject matter
experts plan to publicly present their report at the NAIC’s
Fall National Meeting in December. The AI/ML Survey for the home
line of business is in the final stages of development; once the
NAIC programs the survey into its systems, 10 states will formally
issue the market conduct data call, and insurers will likely be
asked to respond within 30 days. Finally, the AI/ML Survey for the
life line of business is in the development phase.

Commissioner Ommen of Iowa provided an update on the work of the
Third-Party Data and Model Vendors workstream. The workstream is
considering several potential initial steps for enhanced regulatory
oversight of third-party data and model vendors, including
requiring contracting insurers to certify that the models that are
being used comply with certain standards and developing a library
of third-party vendors.

Other Working Groups of the ICT Committee

The ICT Committee met on August 10, 2022, and heard reports from
its various working groups, including the ones that did not hold
meetings at the Summer 2022 NAIC National Meeting. In addition to
the PP Working Group and BDAI Working Group, the following working
groups gave updates:

  • Cybersecurity (H) Working Group – This
    working group continues to track the adoption of the Insurance
    Data Security Model Law
    (#668). Currently, 21 states have
    adopted Model Law #668. At the federal level, the Cyber Incident
    Reporting for Critical Infrastructure Act of 2022
    (“CIRCIA”) was signed into law. CIRCIA requires that
    critical infrastructure operators report cybersecurity incidents to
    the US Department of Homeland Security and the Cybersecurity and
    Infrastructure Security Agency (“CISA”). Earlier this
    year, CISA launched its “Shields Up” program campaign to
    warn critical infrastructure operators of cybersecurity threats.
    The working group also reported that the NAIC is planning to host a
    cybersecurity tabletop session with Maryland later this year.

  • E-Commerce (H) Working Group – The
    working group continues to review and consider the various issues
    raised by insurance departments and industry in response to the
    e-commerce surveys conducted in 2021 regarding impediments to
    e-commerce and the various steps taken by insurance departments
    with respect to e-commerce as a result of the COVID-19 pandemic.
    The working group has focused on five categories of issues:

    1. E-signatures

    2. E-notices

    3. Claims

    4. Policy

    5. Other

    The working group plans to expose its framework for public comment

  • Innovation in Technology and Regulation (H) Working
    – As the newest group of the ICT Committee,
    this working group began holding discussions on the different
    approaches insurance departments are taking to encourage
    technological innovation, including innovation sandboxes.

Visit us at

Mayer Brown is a global legal services provider
comprising legal practices that are separate entities (the
“Mayer Brown Practices”). The Mayer Brown Practices are:
Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited
liability partnerships established in Illinois USA; Mayer Brown
International LLP, a limited liability partnership incorporated in
England and Wales (authorized and regulated by the Solicitors
Regulation Authority and registered in England and Wales number OC
303359); Mayer Brown, a SELAS established in France; Mayer Brown
JSM, a Hong Kong partnership and its associated entities in Asia;
and Tauil & Chequer Advogados, a Brazilian law partnership with
which Mayer Brown is associated. “Mayer Brown” and the
Mayer Brown logo are the trademarks of the Mayer Brown Practices in
their respective jurisdictions.

© Copyright 2020. The Mayer Brown Practices. All rights

Mayer Brown
article provides information and comments on legal
issues and developments of interest. The foregoing is not a
comprehensive treatment of the subject matter covered and is not
intended to provide legal advice. Readers should seek specific
legal advice before taking any action with respect to the matters
discussed herein.

POPULAR ARTICLES ON: Insurance from United States

Cyber Insurance Experiencing ‘Future Shock’

Freeman Mathis & Gary

The idea of “Future Shock”—that an accelerated pace of change causes social and psychological disruptions—dates from Alvin Toffler’s 1970 book of the same name.

US Insurance Regulators Ask: What Is A ‘Bond’?

Kramer Levin Naftalis & Frankel LLP

Regulation of insurance company solvency is a key pillar of insurance law worldwide, and in the United States no less than elsewhere. In the US’s state-based regulatory system…

Source link

Related posts

Australian investigation into Amber Heard perjury charges – Crime

RBI Digital Lending Guidelines: Safeguards Borrower Data Security – Privacy Protection

Social origin discrimination – The gateway to new grounds of discrimination – Discrimination, Disability & Sexual Harassment