California’s proposed privacy standard includes unauthorized, unnecessary provisions that should be amended so consumers can better understand their rights, and companies can more easily comply with the regulations according to the National Association of Independent Insurers.
“The proposed regulations are generally a good effort, but they miss the mark in some important respects,” Sam Sorich, vice president and western regional manager at the NAII, testified Feb. 8. “With some responsible, constructive changes, California can implement financial privacy requirements that are easy for consumers to comprehend.”
Sorich noted several problematic sections of the California Department of Insurance’s proposed privacy regulations regarding insurance carriers’ collection, use, disclosure and safeguarding of consumers’ personal financial data during the DOI hearing on Friday in San Francisco.
The scope of the regulations is too broad because it applies to commercial liability insurance as well as third-party and workers’ compensation claimants-blurring the distinction between commercial and workers’ compensation insurance and insurance primarily for personal, family or household purposes. It also runs contrary to Title V of the 1999 federal Gramm-Leach-Bliley (GLB) Act and the state’s Insurance Information and Privacy Protection Act, enacted in 1980.
The regulation would establish a “minimum amount necessary” limit on financial and medical record disclosures would be established, also at odds with the state statute. For more than 20 years, insurers and the DOI have operated under a “reasonably necessary” limitation standard.
The regulation calls for overly strict standards to convey privacy language in the proposal goes well beyond the reasonable and adequate “plain English” standard.
The regulation would establish “California-only” standards for safeguarding nonpublic personal info.
“The National Association of Insurance Commissioners (NAIC) is developing a model regulation to address standards for the safekeeping of privacy information,” Sorich said. “To achieve a high level of uniformity and consistency in state insurance regulation, NAII believes that California should wait until the NAIC completes its adoption of its model regulation before creating California-specific security standards.”
Also, a number of California-only requirements for notice and opt-out language would be created. They would:
force insurers to state the purpose in addition to the type of information, sources and disclosures used.
mandate that the opt-out form be placed on the first-page of a privacy notice mailing.
impose opt-out and notice requirements on agents who help consumers shop for insurance.
set a 45-day time period for consumers to exercise their right to opt-out, when other states have adopted a 30-day time period.
“The opt-out form makes sense when the privacy notice is read first,” Sorich said. “Also, no good justification exists for California to adopt a unique opt-out time period. Several requirements in the regulations add to the complexity and length of the notice, making it more difficult for consumers to read and understand.”
Was this article valuable?
Here are more articles you may enjoy.