Do you have a privacy policy for your personal lines clients? Have you told all of them what it is? If you’re a typical insurance agent, the answer to both questions is probably “No.” That means you have to worry about complying with the privacy provisions in Title V of the Gramm-Leach-Bliley Financial Services Modernization Act (GLB) and regulations that state insurance departments have adopted to enforce it.
The best evidence suggests that by and large insurance agents have done nothing more to comply with GLB than rely on the agent exception. They don’t see a need to develop and implement their own privacy policies because they perceive the agent exception as the answer to all their problems, a carve-out that allows insurance agents to rely on the privacy policies and notices the insurance companies they represent send to their customers.
There are three good reasons why insurance agents ought to be taking a more proactive approach to protecting the confidentiality of personally identifiable financial information their clients provide. The first is that the agent exception doesn’t cover all the services that the typical insurance agent performs. You could drive a truck through the holes in the agent exception, and someday you might find that truck loaded with litigation that you don’t need. Business considerations also argue against relying on the agent exception as the exclusive response to Title V of GLB. Finally, agents who rely exclusively on the agent exception relinquish control over what they tell their clients.
The exceptions to the agent exception in GLB are the biggest reason for insurance agencies to develop their own privacy policies and provide the required notices to their clients. There are three tests for the agent exception. It applies only to a business that is an agent of another financial services business subject to GLB and only if the principal provides the required privacy notice and opt-out form. Those two requirements sound pretty solid for most insurance agents, but they don’t cover all the bases. It’s the third test, however, that gives agents the most trouble. The agent exception doesn’t apply if you disclose protected information to any party other than the principal.
The problem with the first two tests is that it’s fairly common practice for insurance agents to place coverage without benefit of an agency contract. Even agents who never act as a broker by placing insurance through another agency or directly with a carrier that accepts business from brokers, will at one time or another turn to a residual market that does not give agency contracts to every licensed producer, and that’s outside the scope of the agent exception.
The limitation on disclosing information to anybody other than the principal can be even more restrictive. Once you have placed a line, it means that you cannot disclose any protected information about your client to anybody but the incumbent carrier. You can’t even use the insured’s name and address to remarket the account on renewal or to place coverages that the current carrier cannot or will not write. That’s how the National Association of Insurance Commissioners (NAIC) sees it, and they drafted the privacy regulation that most states have adopted in one form or another.
Business considerations offer an even more compelling reason for agents to develop their own privacy policies. It means that you don’t have to worry about abiding by the privacy policies of each of the insurance companies you represent. Apart from the need for intimate familiarity with several different privacy policies, the content of those policies can be enough to deter a well-informed agent from relying exclusively on the agent exception. Some of the privacy policies that insurance companies have come up with are so restrictive that they don’t allow using protected information for anything except placing and maintaining the coverage in the original application. Heaven forbid an agent should copy the insured’s address from a homeowners application to place personal auto coverage with the same carrier. Some privacy policies make that illegal because the insured did not give that information to the insurance company for that reason.
Fortunately, there’s a simple solution to what looks like an insoluble dilemma. Develop your own privacy policy and tell your clients what it is. GLB and insurance department privacy regulations require an initial notice and an annual notice thereafter. Given the way insurance agents jealously guard the privacy of client information, there should be no need to make any change other than inserting a single sheet of paper into something you send your clients at least once a year. Sample privacy policies and notices are readily available, and enclosing a notice with each renewal policy is more than enough to put you in control.
Joseph F. Mangan brings more than a quarter century of experience in property and casualty underwriting to his current position as consultant, author and editor. Mr. Mangant has authored four textbooks on commercial lines underwriting, and contributed to textbooks on personal lines insurance and insurance operations.
Was this article valuable?
Here are more articles you may enjoy.
Changes at American Coastal Insurance After Florida OIR Action on ‘No-Fly List’ 
‘Extremely Dangerous’ Hurricane Beryl Takes Aim at Caribbean 
Allstate, Nationwide Post Dramatic Q12024 Homeowners Loss Ratio Drops: S&P 
Supreme Court Overturns Chevron Rule in Blow to Regulators From This Issue
