In their first congressional testimony together as a full commission, the Federal Trade Commissioners expressed support for comprehensive federal privacy legislation before the Senate Committee on Commerce, Science, and Transportation Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security on November 27. While the focus of the hearing was primarily on privacy and data security, the Commission’s written testimony provided updates regarding other consumer protection and competition matters.
The National Association of Insurance Commissioners (NAIC) adopted the Insurance Data Security Model Law (“Model Law”) in October 2017. The purpose of the Model Law is to establish standards for data security and the investigation of and notification to the Insurance Commissioner of a Cybersecurity Event, but is not intended to create a private right of action.
The Model Law is based largely on the New York Department of Financial Services’ Cybersecurity Regulations, 23 NYCRR 500 (“NYDFS Cyber Regulations”), which took effect on March 1, 2017.  In fact, a drafting note to the Model Law indicates that compliance with the NYDFS Cyber Regulations is intended to constitute compliance with the Model Law.