Iowa, Utah Adopt Consumer Privacy Regulations

November 7, 2002

Iowa and Utah have adopted consumer privacy regulations that closely follow a National Association of Insurance Commissioners’ (NAIC) model.

National Association of Independent Insurers (NAII) Counsel Ann Weber expressed appreciation that the Iowa Insurance Department modified its proposed rule so as to not impose a penalty on an insurer for any infraction, no matter how minor or unintentional. The revised language says insurers “shall be subject to penalties” instead of “shall be found to have committed a violation.”

The Iowa and Utah regulations require insurers to implement a “comprehensive written information security program that includes administrative, technical and physical safeguards for the protection of customer information.” Those safeguards “shall be appropriate to the size and complexity of the licensee and the nature and scope of its activities.”

Weber said the Nebraska Insurance Department may include similar provisions in its omnibus bill to be submitted in the 2003 legislative session.

The Utah regulation became effective Sept. 26, 2002, and its enforcement date is Jan. 24, 2003. The Iowa regulation becomes effective June 30, 2003.

Was this article valuable?

Here are more articles you may enjoy.