NAII Notes All States Have Addressed Privacy Legislation

February 24, 2003

Insurance companies with systems in place to meet state and federal privacy standards may need to do some “tweaking” to ensure continued regulatory compliance, according to the National Association of Independent Insurers (NAII).

Although passage of the Gramm-Leach-Bliley Act (GLBA) in 2000 resulted in all 50 states addressing the privacy issue to ensure compliance with the Act, seven states still have proposals pending. These proposed regulations or statutes could change the process for complying with privacy regulations for some insurance companies.

“Most of the adopted privacy regulations are based on the National Association of Commissioners’ (NAIC) privacy models of 1982 or 2000,” NAII Insurance Services counsel Kathleen Jensen said. “However, a handful of states have not adopted a regulation or statute. The language in some of the proposals does not necessarily follow the NAIC’s models and could impact the way privacy is handled by companies writing business in those states.”

However, companies need to keep a close eye on the remaining handful of states to ensure that their systems will meet the privacy compliance requirements adopted in these particular states, according to Jensen.

Seven states still considering privacy
The following two states have recently proposed privacy insurance regulations.

Alaska – In 2002, the Alaska Division of Insurance proposed an insurance privacy regulation. The proposed regulation does not contain an exemption for affiliate sharing and requires opt-in for non-affiliate sharing. The Division of Insurance has not made any subsequent changes to the proposed regulation, nor has it taken any additional actions to have this regulation adopted. NAII anticipates that a privacy regulation will be adopted in 2003.

Idaho – In 2002, the Idaho Department of Insurance proposed the NAIC model regulation. However, the proposal contains the notable omission of claimant and workers’ compensation from the definition of consumer and the omission of the section regarding the non-public personal health information. The rule is before the legislature for approval. Prior to this rule, the Idaho Department of Insurance had been operating under a temporary rule that was based on the National Conference of Insurance Legislators’ (NCOIL) privacy model. NAII anticipates that the legislature will approve this regulation in 2003.

Five states have privacy legislation that was introduced in 2002 and carried over to 2003, or new legislation that was introduced in 2003. Among them:

California – In 2002, State Senator Jackie Speier introduced privacy legislation that eventually failed. In 2003, she reintroduced this legislation as SB1. The legislation requires opt-out for affiliate sharing and opt-in for non-affiliate sharing. NAII anticipates some form of legislation to be signed by the governor in 2003. In 2002, the California Department of Insurance adopted a privacy regulation. The regulation is based on the NAIC Model regulation but contains the 1982 Statute exceptions. Additionally, the regulation applies to all commercial lines. It becomes effective March 24, 2003. If the current legislative proposal is adopted, companies writing business in California will have to comply with all adopted regulations and statutes.

Montana – House Bill 205 was pre-filed on Dec. 27, 2002. This bill makes amendments to the existing privacy statute that was amended in 2001. The original statute was based upon the NAIC Privacy Model statute. Many of the amendments are applicable to the individually identifiable health information section.


Insurance Journal Magazine February 24, 2003