ALTA Submits Comment on Draft NAIC Model Cyber Security Law

April 5, 2016

ALTA on March 23 submitted a letter to the National Association of Insurance Commissioners' (NAIC) Cybersecurity Task Force outlining concerns with the group's draft Insurance Data Security Model Law.

ALTA is concerned that an insurance-specific data security law could conflict with other state and federal data security laws, making it impossible for title and settlement agents to comply with all their legal and contractual obligations.

“We are concerned that the Preliminary Working and Discussion Draft would not establish a single standard for consumer protection, which is likely to create confusion and conflict among various regulators, state attorneys general, courts, industry and consumers,” writes Justin Ailes, ALTA’s vice president of government and regulatory affairs. “As currently written, the Preliminary Working and Discussion Draft appears to take the most severe penalties, add an extensive additional regulatory burden and private rights of action under state regulation. No state today approaches data security in this manner.”

ALTA’s letter includes a section-by-section review of the Insurance Data Security Model Law draft.

As it continues to consider a standard for data security and investigation and notification of a breach of data security, ALTA encourages the NAIC to consult existing state and federal requirements that licensees are already required to follow.

“It may also be prudent for the NAIC to engage with and solicit comment about the Preliminary Working and Discussion Draft from state and federal regulators including state Attorneys General, the Federal Trade Commission (FTC), and Consumer Financial Protection Bureau (CFPB),” according to Ailes.

ALTA, through its Liaison Committee with the NAIC, will continue to work with the task force to improve the draft model act. If you have any questions, email Ailes at

Contact ALTA at 202-296-3671 or