Phase 2 of PA's Insurance Data Security Law Is Coming — Record of Compliance Required

In 2023, Pennsylvania joined the growing number of states enacting the National Association of Insurance Commissioners' (NAIC) Model Law on Insurance Data Security. On Dec. 11, 2024 (just four months away), the second phase of the law goes into effect, which requires licensees to undertake detailed risk assessments, design and implement comprehensive and written cybersecurity programs, and, for some organizations, publicly certify compliance with the law.

6 minute readSeptember 01, 2024 at 12:05 AM
By
Joshua A. Mooney
Ashley Pusey
Phase 2 of PA's Insurance Data Security Law Is Coming — Record of Compliance Required

In 2023, Pennsylvania joined the growing number of states enacting the National Association of Insurance Commissioners' (NAIC) Model Law on Insurance Data Security. Going into effect in December, but with

This premium content is locked for Cybersecurity Law & Strategy subscribers only

ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN Cybersecurity Law & Strategy

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts
Subscribe Now

Already have an account? Sign In Now

For enterprise-wide or corporate access, please contact Customer Service at [email protected] or call 1-877-256-2473.

NOT FOR REPRINT

© 2026 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Continue Reading

Analyzing the CCPA’s New Risk Assessment Requirement

Businesses subject to the CCPA now must conduct risk assessments for certain types of processing activities and, starting in 2028, must certify to California regulators that they completed the assessments.

February 01, 2026

Accountability and Precision Will Define the Next Phase of AI Adoption

The firms that will thrive when it comes to the adoption of AI will not be those with the most tools or the most prompts. They will be the ones with clear standards, defined human ownership and a dedicated AI partner able to turn raw generation into reliable, high‑value content.

February 01, 2026

AI Requires Law Firms to Rethink Business Models

Artificial intelligence is changing how legal work is performed. What’s needed is problem-solving optimism, a clinical appraisal of the firm’s capabilities and economic position, and earnest resolve to change before market pressure forces change under duress.

February 01, 2026

Using Private AI Tools Can Improve Ethical Compliance

The ethical use of AI should be a prerequisite for the integration of AI into a legal practice. Failure to learn and implement transparency, accountability, and best practices for responsible AI usage prior to employing AI will likely result in ethical and malpractice difficulties.

February 01, 2026