Don't Tinker With Privacy Laws, InsurerGroups Say
Following last year's major push to meet federal statutory deadlines, only a handful of states are significantly active this year in ensuring that the insurance industry maintains the privacy of consumer financial information. But as the states tinker with privacy regulations and legislation, they often entangle themselves in more problems, industry observers say.
When New Mexico Insurance Superintendent Eric P. Serna's department promulgated a regulation that deviated from his states privacy statute–which was essentially an adaptation of the 2000 National Association of Insurance Commissioners model privacy law–it created technical problems, according to Kathleen N. Jensen, insurance services counsel for the National Association of Independent Insurers in Des Plaines, Ill.
Mr. Sernas regulation changed the requisite privacy notice to consumers from opt-out to opt-in. This means that the insurance industry could not use certain consumer information without the express authority of the consumer (opt-in) instead of the current system in which a consumers passivity is deemed sufficient authority to continue using the information (opt-out).
But several sections of the regulation “did not flow right because talking about an authorization and an opt-out are two different things,” said Ms. Jensen.
After meeting with representatives from life, health and property-casualty insurance organizations, Mr. Serna agreed that some technical changes to the regulation are necessary, she stated.
A similar situation exists in California. In December, the insurance department put out a proposed privacy regulation that apparently was patched together from several sources, including the current NAIC model act and the NAICs Insurance Information and Privacy Protection model act, also known as the 1982 model act. “Again, there were inconsistencies–things that would be a real problem to deal with,” Ms. Jensen stated.
In a February meeting of California Insurance Commissioner Harry Low and insurance and consumer groups, these discrepancies were among the concerns raised, she said. Although Mr. Low said he would take the concerns under advisement in re-drafting the regulation, “we havent seen a revision yet to the proposed regulation,” Ms. Jensen said.
In the interim, a privacy bill based on existing legislation was introduced in the California legislature, although it remains stuck in the Judiciary Committee, Ms. Jensen said. (For more on the situation in California, see Jim Connolly's article on page 17.)
Reynold E. Becker, vice president, property-casualty, for the Alliance of American Insurers in Downers Grove, Ill., added that some state legislatures “have started going a little overboard” on the discarding of sensitive consumer information and have not been willing to wait for insurance department or NAIC regulations on this topic.
He noted that the state legislature of Washington recently passed the so-called Dumpster Diver bill. It is designed to address the concern “that if information is not discarded properly or in a secure enough fashion, people could search the garbage or relatively easily find out financial or health information about people,” Mr. Becker explained.
He added that there are already federal regulations on this topic that apply to banks and securities firms. “So this is overkill from some of the state legislatures,” he said. Georgia and New York lawmakers also have been delving into this area, he noted.
There are also efforts to modify the privacy notices that are sent to consumers.
Ms. Jenkins said that the U.S. Securities and Exchange Commission held a special meeting called “Get Noticed,” which looked at ways to make privacy notices more easily read and understood by consumers. But this applies only to federally-regulated entities, she noted.
Now the NAIC also wants to put together a consumer-friendly notice to be used by state-regulated insurance entities. Ms. Jensen was named to the NAIC task force to draft that notice. “Weve had a couple of meetings, we have a draft were looking at [and] were still working on the final product,” she reported.
Mr. Becker said that the industrys view is that GLB should be given a chance to work, and that it is too early to determine how well the privacy regulations and industry programs are working.
He noted that the applicable regulations have been in place only since July 2001. The initial privacy notices went out to consumers last summer. Now “were approaching the time for the annual notices to start coming out, so we havent even gone a full cycle yet,” he said.
He added that insurers have made a “substantial investment” of resources and money to implement privacy programs.
Therefore, the industry “would ask the states–both the insurance departments and the legislatures–to hold off on tinkering until we can get the system up and running and work out some of the kinks,” he stated.
Reproduced from National Underwriter Property & Casualty/Risk & Benefits Management Edition, May 27 2002. Copyright 2002 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.
Continue Reading for Free
Register and gain access to:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.