NAIC Model Laws, Regulations, Guidelines and Other Resources—4
th
Quarter 2017
© 2017 National Association of Insurance Commissioners 668-9
(b) The ceding insurers that have a direct contractual relationship with affected Consumers
shall fulfill the consumer notification requirements imposed under [insert the state’s
breach notification law] and any other notification requirements relating to a
Cybersecurity Event imposed under Section 6.
F. Notice Regarding Cybersecurity Events of Insurers to Producers of Record
In the case of a Cybersecurity Event involving Nonpublic Information that is in the possession, custody or
control of a Licensee that is an insurer or its Third-Party Service Provider and for which a Consumer
accessed the insurer’s services through an independent insurance producer, the insurer shall notify the
producers of record of all affected Consumers as soon as practicable as directed by the Commissioner.
The insurer is excused from this obligation for those instances in which it does not have the current
producer of record information for any individual Consumer.
Section 7. Power of Commissioner
A. The Commissioner shall have power to examine and investigate into the affairs of any Licensee to
determine whether the Licensee has been or is engaged in any conduct in violation of this Act. This power
is in addition to the powers which the Commissioner has under [insert applicable statutes governing the
investigation or examination of insurers]. Any such investigation or examination shall be conducted
pursuant to [insert applicable statutes governing the investigation or examination of insurers].
B. Whenever the Commissioner has reason to believe that a Licensee has been or is engaged in conduct in this
State which violates this Act, the Commissioner may take action that is necessary or appropriate to enforce
the provisions of this Act.
Section 8. Confidentiality
A. Any documents, materials or other information in the control or possession of the Department that are
furnished by a Licensee or an employee or agent thereof acting on behalf of Licensee pursuant to Section
4I, Section 6B(2), (3), (4), (5), (8), (10), and (11), or that are obtained by the Commissioner in an
investigation or examination pursuant to Section 7 of this Act shall be confidential by law and privileged,
shall not be subject to [insert reference to state open records, freedom of information, sunshine or other
appropriate law], shall not be subject to subpoena, and shall not be subject to discovery or admissible in
evidence in any private civil action. However, the Commissioner is authorized to use the documents,
materials or other information in the furtherance of any regulatory or legal action brought as a part of the
Commissioner’s duties.
B. Neither the Commissioner nor any person who received documents, materials or other information while
acting under the authority of the Commissioner shall be permitted or required to testify in any private civil
action concerning any confidential documents, materials, or information subject to Section 8A.
C. In order to assist in the performance of the Commissioner’s duties under this Act, the Commissioner:
(1) May share documents, materials or other information, including the confidential and privileged
documents, materials or information subject to Section 8A, with other state, federal, and
international regulatory agencies, with the National Association of Insurance Commissioners, its
affiliates or subsidiaries, and with state, federal, and intern
ational law enforcement authorities,
provided that the recipient agrees in writing to maintain the confidentiality and privileged status of
the document, material or other information;
(2) May receive documents, materials or information, including otherwise confidential and privileged
documents, materials or information, from the National Association of Insurance Commissioners,
its affiliates or subsidiaries and from regulatory and law enforcement officials of other foreign or
domestic jurisdictions, and shall maintain as confidential or privileged any document, material or
information received with notice or the understanding that it is confidential or privileged under the
laws of the jurisdiction that is the source of the document, material or information;