Regulations being proposed in three states aimed at safeguarding consumer information should be modified so as not to encourage private lawsuits against insurers, according to the Alliance of American Insurers. The three states, Arkansas, Oregon and Utah are considering regulations that closely track the recently adopted 2002 National Association of Insurance Commissioners’ Standards for Safeguarding Customer Information Model Regulation. They are the first to consider the model regulation. Eventually, all states will have to adopt standards to comply with provisions in the federal Gramm-Leach-Bliley (GLB) Act. The GLB provisions require regulators to establish standards to protect the confidentiality and security of customer records, protect against threats to security or integrity of the information and to protect against unauthorized access to customer records. The proposed state regulations require insurers to implement a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of customer information. The program must be appropriate to the size and complexity of the insurer and the nature and scope of its activities. The regulations give examples of methods of developing and implementing an information security program. These include steps to assess risk, manage and control risk, oversee service provider arrangements, and adjust the program. Violations would be considered unfair trade practices. Hearings will be held in the near future on the above-states’ regulations and the Alliance plans to submit comments at each.
Topics Legislation
Was this article valuable?
Here are more articles you may enjoy.
Microsoft Tells Texas Agencies They Were Exposed in Russian Hack 
Ryan Specialty Announces Succession Plan: Pat Ryan to Exec Chair, Turner to Be CEO 
Big ‘I’ Report: Independent Agency Channel Placed 62% of Premiums in 2023 
US Roof Maintenance Lags: Hanover From This Issue
