Calif. Privacy Initiatives Prompt Reaction

The bill requires operators of Internet Web sites to inform those who have used personal information on sites of any breach of privacy such as an attack by a hacker, she said.

Such a requirement would be giving trial lawyers a list of potential participants for a class action suit, Ms. Mahrt said. It would make it easier for companies to be sued using California professional code 17200, she said.

The issue of identity theft is one that is important to insurers and one that insurers try to stop but this is "the wrong way to fix the problem," she commented.

There are some reports that suggest the issue may also be addressed in an amended California Senate bill, Ms. Mahrt added.

Privacy watchers are also reacting to the latest draft of a regulation being developed by the California insurance department.

The draft, released on May 23, seeks to establish a guideline for consumer privacy to meet requirements in the Gramm-Leach-Bliley Act of 1999.

Tena Friery, research director with the Privacy Rights Clearinghouse, San Diego, said the draft regulation should offer protections that are consistent with Gramm-Leach Bliley.

Consistency is also a high priority for the American Council of Life Insurers, Washington, said John Mangan, director of state relations. A chief concern, he said, is uniformity among states. "We are very much concerned that there not be separate notices."

Sam Sorich, senior vice president and general counsel with the National Association of Independent Insurers in Des Plaines, Ill., says the latest draft consists of revisions that are both good and bad.

Pluses that Mr. Sorich cited include a change to the definition of customer to make it clearer that it reflects an ongoing relationship. Annual privacy notices would be sent to those customers with an ongoing relationship, he explained.

The time frame for allowing customers to opt out of sharing of personal information was changed to 30 days from 45 days and is now more consistent with a privacy model, Privacy of Consumer Financial and Health Information model regulation, adopted by the National Association of Insurance Commissioners, Mr. Sorich said.

But there are other areas in the draft that still need to be addressed, Mr. Sorich added. For example, the issue of providing an opt-out notice to customers if an agent or broker shops a policy for better terms is not addressed, he continued.

Mr. Sorich also said an article in the draft addressing safeguarding of private information by carriers should be held until it is evident what action the NAIC is going to take. Currently, the NAIC, based in Kansas City, Mo., is working on how privacy information should be safeguarded.

An important issue concerns the inclusion of workers' compensation and conceivably all commercial insurance in the draft regulation, according to Rey Becker, vice president, property-casualty, with the Alliance of American Insurers, Downers Grove, Ill.

Additionally, he added, the elimination of the word "nonpublic" in the definition of nonpublic personal information covered in the language of the regulation is another concern. This is not the way that the issue is approached in Gramm-Leach-Bliley or at the NAIC, Mr. Becker said.

Rick Nelson, a spokesman for the National Association of Mutual Insurance Companies, Indianapolis, said that NAMIC supports the privacy provisions contained in the GLBA. It is essential for consumers to know for what purposes their information will be used. It is important, however, for companies to be able to use the information within their organizations in order to effectively inform consumers about new products and opportunities.