CDI Urged to Wait before Implementing Proposed Privacy Regulations

By | February 25, 2002

We strongly encourage the Department to wait before they actually promulgate these regulations.”

That sentiment was offered during testimony given Feb. 8, by Steve Young, senior vice president and general counsel for IBA West, at a California Department of Insurance (CDI) hearing in San Francisco, regarding the state’s proposed privacy regulations.

“We agree with the [CDI] that regulatory guidance would be very desirable,” Young commented. “The problem is that most people believe the Legislature will pass this year some fairly substantial amendment changing the laws in the state. There are a huge number of businesses that just completed last summer a substantial compliance effort. To make them change three months from now, then do it again three months after that…. No one’s interests are going to be served by having 50 unique privacy requirements for insurance companies or brokers and agents who do business in multiple states.”

Sam Sorich, vice president and western regional manager for the National Association of Independent Insurers (NAII), noted that the regulations presently being proposed have a number of areas that must be addressed in order to satisfy insurers.

According to Sorich, who also testified at the CDI hearing, among the major themes addressed were that the proposed requirements were not necessary under California or Federal law and that the imposition of such requirements would result in higher expenses, making it much more difficult for agents and companies to do business in the state.

Sorich said that reconsidering some of the proposals in the regulations is necessary to avoid a potential situation which would require companies to develop California-only notice forms and California-only practices.

It was also noted that a number of National Association of Insurance Commissioners’ (NAIC) subcommittees are presently addressing model solutions to deal with the Gramm-Leach-Bliley (GLB) Act, and its impact with both federal and state privacy laws.

“GLB and [the 1980 Insurance Information and Privacy Protection Act] are limited to personal insurance,” Sorich commented. “By referring to commercial insurance and workers’ comp, the proposed regulations go beyond the authorized scope of GLB and the 1980 law.”

“A good portion of the proposed regulations here in California were based on the NAIC model,” Sorich mentioned. Where it deviated from the NAIC model, we have some concerns.”

Sorich noted that if the proposed regulations go through, several California-only requirements for both notice and opt-out language would be formed. “The [CDI’s] hands are really tied because the statute requires opt-out,” Sorich commented. “An insurer must give the consumer the opportunity to opt-out before the insurer shares certain types of information with non-affiliated companies.” Other concerns are that the NAIC model neither relates to commercial insurance nor specifies a 12-point type for the privacy notices, while the California regulations do both; that while the California regulations require notices to advise the purposes for which information is collected and disclosed, the model doesn’t have a “purposes requirement;” that the California regulations prohibit the disclosure of account balances and payment histories, whereas such prohibitions are not in the model; the notice to joint consumers in the California regulations differs from the notice in the model; and the California regulations set a 45-day period for the exercise of the right to opt-out—something that is again not included in the model.

From here, the CDI could adopt the regulations or amend them in a way that does not substantially change the provisions.

While Young stated that the regulations should be revised in a significant way, he added that to some extent, the Commissioner’s hands are tied. “We would love to see the Commissioner exempt agents and brokers from the requirement to send out privacy notices on a renewal, when the only thing they’re doing with non-public personal information is securing or attempting to secure alternatives quotes or options for the very insurance product the consumer has come to the agent or broker for in the first place,” Young said.

Was this article valuable?

Here are more articles you may enjoy.

From This Issue

Insurance Journal West February 25, 2002
February 25, 2002
Insurance Journal West Magazine

Ocean Marine, Catastrophe