Under Iowa’s proposed regulation on consumer privacy, an insurer could be penalized for a single instance of failing to comply with its requirements, according to the National Association of Independent Insurers (NAII).
NAII Counsel Ann Weber, in a letter to the state Insurance Department, took exception to the provision under which a single contravention of the regulation could result in enforcement action and penalties, including forfeiture or revocation of an insurer’s license.
“Since there is no objective criteria in the proposed rules specifying what constitutes a comprehensive written information security program, and since the ‘required’ safeguards are also not specified,” Weber said, “it may be impossible for an insurer to determine what level of effort is required for compliance.
“While NAII agrees that a company should be allowed the flexibility to develop its comprehensive written information security program, as the proposed rule outlines, we object to the fact that a single infraction could result in penalties. A single contravention of the proposed regulation should not be actionable; there should be a finding of a consistent or intentional contravention of the rules for safeguarding customer information before action is taken against an insurer.”
Topics Legislation
Was this article valuable?
Here are more articles you may enjoy.
Lawsuit Over Burger King’s Whopper Ads Set Back by Federal Judge 
Massive Wildfire Liabilities Push Utilities to Use AI to Stop Blazes 
‘Clear Soft Market Conditions’ for Commercial P/C Lines in Q3, Says CIAB 
Royal Bank of Canada Denies Claims of ‘Boys Club’ Culture, Bias Against Women 
