Under Iowa’s proposed regulation on consumer privacy, an insurer could be penalized for a single instance of failing to comply with its requirements, according to the National Association of Independent Insurers (NAII).
NAII Counsel Ann Weber, in a letter to the state Insurance Department, took exception to the provision under which a single contravention of the regulation could result in enforcement action and penalties, including forfeiture or revocation of an insurer’s license.
“Since there is no objective criteria in the proposed rules specifying what constitutes a comprehensive written information security program, and since the ‘required’ safeguards are also not specified,” Weber said, “it may be impossible for an insurer to determine what level of effort is required for compliance.
“While NAII agrees that a company should be allowed the flexibility to develop its comprehensive written information security program, as the proposed rule outlines, we object to the fact that a single infraction could result in penalties. A single contravention of the proposed regulation should not be actionable; there should be a finding of a consistent or intentional contravention of the rules for safeguarding customer information before action is taken against an insurer.”
Topics Legislation Iowa
Was this article valuable?
Here are more articles you may enjoy.
Wildfires Are Upending Some of the Safest Bets on Wall Street 
FBI Says Chinese Hackers Preparing to Attack US Infrastructure 
Undercover St. Louis Officer Beaten by Colleagues Awarded $23.5M 
California Chiropractor Sentenced to 54 Years for $150M Workers’ Comp Scheme 
