Blog

Kentucky and Maryland Enact Insurance Data Security Laws

Written by A.J. S. Dhaliwal
May 27, 2022
Estimated Read Time: 1 min
As seen in

In April, Kentucky (HB 474) and Maryland (SB 207) adopted insurance data security legislation based on the National Association of Insurance Commissioners (NAIC) model law. A total of 15 states have adopted the NAIC Model Law. We previously discussed the requirements of the model law in our insurance certifications round-up, including its recent adoption by other states. Among other things, the model law further calls for insurers to quickly report and investigate data breaches and certify their compliance efforts annually with security provisions. 

Maryland’s law takes effect on October 1, 2022 and Kentucky’s law goes into effect on January 1, 2023. Both states have a one-year grace period with respect to the requirement to establish a written information security program and a two-year grace period for compliance with relevant service provider oversight requirements.

Putting it Into Practice:  As more states look to adopt the model law, insurers should evaluate their in-house security programs, and monitor developments in states that have yet to pass similar laws. 

Disclaimer: This alert is provided for information purposes only and does not constitute legal advice and is not intended to form an attorney client relationship. Please contact your Sheppard attorney contact for additional information.

Loading component...

Loading component...

Loading component...