State Legislatures Face New round: Safeguarding Customer Privacy

July 18, 2002

State regulators are gearing up for the next round of privacy proposals that will require a company to create a written information security program for the protection of their customers’ personal information. The programs must include administrative, technical and physical safeguards and the scope of the programs will be dependent on the size and complexity of the individual company.

According to the National Association of Independent Insurers (NAII) eight states have consumer privacy proposals: Arkansas, California, Iowa, Nebraska, New York, Oregon, Utah and West Virginia.

“Although a handful of states are just now proposing specific customer protection measures, NAII expects to see a flurry of activity in states that need to quickly put these safeguards in place,” Kathleen Jensen, NAII insurance services counsel, commented. “The General Accounting Office’s (GAO) recent report reminded states that in addition to adopting privacy standards dealing with opt- out privacy notifications, the Gramm/Leach/Bliley Act also required a specific, written program for safeguarding personal information of a company’s customers. We expect that states will play catch-up on complying with this mandate over the next few months.”

Companies must protect a customer’s nonpublic personal information, including nonpublic personal financial information and nonpublic personal health information.

According to NAII, the objectives of the information security program in the Gramm/Leach/Bliley Act are to ensure the security and confidentiality of customer information; protect against any anticipated threats or hazards to the security or integrity of the information and protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any customer.

The National Association of Insurance Commissioners (NAIC) adopted a model regulation regarding the standards for safeguarding customer information and states are expected to look at this model as a guide.

NAII explained that one concern is that some states are inserting the word “consumer” rather than “customer,” into their proposals.

Jensen said that NAII will be working with insurance departments and legislators in the states to encourage proposals that follow the NAIC model and include customer rather than consumer.”

Was this article valuable?

Here are more articles you may enjoy.