In late December, Ohio became the second state to adopt the National Association of Insurance Commissioners’ (NAIC) Insurance Data Model Law, joining South Carolina in enacting cybersecurity requirements that insurers must follow. Lawyers said the law included largely agreed upon cybersecurity best practices, which if implemented nationwide could be an easier model for attorneys to follow, unlike a patchwork of regulations.

The South Carolina and Ohio laws closely mirror the National Association of Insurance Commissioners’ Insurance Data Security Model Law, which was finalized by the association in 2017. The cybersecurity best practices recommended by the NAIC include board of director oversight, ongoing risk assessment, multifactor authentication and encryption. South Carolina implemented its law in April 2018, and Ohio’s regulations are set to go largely into effect in a year.