According to the National Association of Independent Insurers (NAII), The California Insurance Department’s latest revisions to its proposed consumer financial privacy regulations are still at odds with state and federal statutes and do not create uniformity and consistency with other state privacy laws.
“Many of the proposed privacy standards are unauthorized and unnecessary to safeguard nonpublic personal information,” Sam Sorich, vice president and western regional manager of the NAII, said. “The insurance commissioner should further amend the standards so consumers can better understand their privacy choices and companies can more easily and cost-effectively comply with the regulations.”
The latest privacy draft by the California insurance department was released last month. State insurance departments must establish privacy standards-regarding insurers’ collection, use, disclosure and safeguarding of consumers’ personal financial data- to conform with the federal Gramm-Leach-Bliley (GLB) Act of 1999. California’s insurance commissioner must adopt some version of the regulations by the end of this year, or the regulatory process will have to be started from scratch.
Some of the provisions in the latest version of the regulations pose significant problems because they are too broad in scope. The regulations apply to a third-party personal injury claimant against a commercial liability policy and workers’ compensation claimant, even though the GLB Act and California’s Insurance Information Privacy Protection Act-which serve as the statutory bases for the regulations- only apply to personal insurance.
“The regulations go against state and federal statutes, and should only address insurance for personal, family or household needs rather than business or professional needs,” Sorich said in a statement recently sent to the California Insurance Department. “The regulations should not apply to information about companies or about individuals who obtain products or services for business, commercial or agricultural purposes.”
The regulations also propose “California-only” mandates in privacy notices. The provisions do not clarify or explain the concepts of an insurance company’s obligation to provide a “California notice” and a “standard privacy notice.” Insurance companies are unable to understand its requirements because these two newly added terms are not defined, according to Sorich.
Moreover, the proposal would make it difficult for insurance representatives to conduct business over the telephone. The Aug. 12 version of the regulations would require the insurance company representative to give a lengthy, detailed notice of the “licensee’s privacy policies” during a telephone call with the customer.
“It is impractical and would create impossible compliance requirements,” Sorich said.
Finally, the draft fails to give insurers enough time to put new compliance systems into place. The revision establishes an effective date of 120 days after the regulations are filed with the Secretary of State. Instead, regulations should be set at 12 months after the filing to give insurers a fair opportunity to make and fully implement necessary system changes.
“The time frames and content for the regulations’ privacy notices outlined in these provisions would require insurers to create unique compliance programs for California,” Sorich said. “These questionable and unjustified provisions should be deleted or significantly amended.”
Topics California Carriers Legislation
Was this article valuable?
Here are more articles you may enjoy.
No, Florida Lawmakers Did Not Repeal the No-Fault Auto Insurance Law 
Trump Administration Targets Dismantling of Already-Weakened DEI 
Florida Woman Drives Elevated Pickup Over Lamborghini Sports Car in Parking Lot 
Upstate New York Agent Pleads Guilty to Stealing More Than $50M From Neighbors 
