A Security Worry For Insurers

By Arthur D. Postal Washington Bureau Chief

NU Online News Service, March 14, 3:44 p.m. EST?Recent hackerattacks at companies that collect, store and sell personal data areraising insurer worries about new privacy and security regulationfor the insurance industry, an insurer trade group said.[@@]

The American Insurance Association said the attention at boththe state and federal levels follow security breaches atChoicePoint, LexisNexis and Bank of America.

Eric Goldberg, AIA assistant general counsel, said the episodes"individually and collectively cast a spotlight" on the issues forinsurers.

"Insurance companies take the privacy of consumers veryseriously and have procedures in place to ensure that insurancecompanies report information to consumer reporting agencies, suchas ChoicePoint, in strict compliance with the Fair Credit ReportingAct," Mr. Goldberg said.

"Any other government regulation under consideration needs to bebalanced to address legitimate privacy concerns while not creatingunintended consequences for business."

Mr. Goldberg said the crux of the issue is that no one law orgovernment authority oversees the commercial collection anddistribution of such diverse personal information that is used byso many different industries.

"There is also an inconsistent degree of privacy protectionamong the state laws. Regardless, the ultimate solution to theseproblems is to improve security measures that protect consumerdata," he noted.

Mr. Goldberg made his comments Thursday against the backgroundof a hearing on the issue by the Senate Banking Committee anddisclosure of a severe security breach at ChoicePoint that israising insurers' concerns that Congress and the states may act toimprove security in a way that raises costs and adds regulatoryburden.

Mr. Goldberg said that several states have introduced regulatorybulletins and/or legislation regarding disclosure of privateinformation that would require a business to notify a consumer ofthe unauthorized use of that consumer's personal identifyinginformation.

California passed a similar bill in 2002 but is consideringamending the statute to include an additional requirement of freeaccess to credit reports for one year following a security breach,Mr. Goldberg said.

He noted that Congress will examine this issue in the comingmonths with several bills having already been introduced andseveral committees besides the Senate Banking Committee havingscheduled hearings on the subject.

"The specific security breach at ChoicePoint raises concerns forinsurers about the validity of information that it receives fromthe company collecting and maintaining the data," Mr. Goldbergsaid.

"It is critical that any information supplied by ChoicePoint toinsurers, or any other business interest for that matter, be secureand accurate," he explained. "Having access to the objective datasupplied by ChoicePoint helps insurers make more accurateunderwriting and rating decisions, which in turn helps consumersreceive the most fair and accurate pricing for their insuranceproducts."