Earlier this year, the National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force proposed a comprehensive model law that covers, among other things, data security breach reporting. The model law followed closely on the heels of the NAIC Task Force’s adoption of a “Cybersecurity Bill of Rights,” which outlines the rights that the task force believes consumers should expect when they entrust their personal information to an insurance company. In late May, the Cybersecurity Task Force met again to discuss comments from the insurance industry on the model law (including the notification requirements), but no changes have yet been made to the model law as a result.