Regulators Begin Work To Safeguard Consumer Information
Efforts to safeguard information that insurers gather on their customers are taking shape.
State regulators are developing a model regulation that will create guidelines to develop information security programs. A working group of the National Association of Insurance Commissioners has released the NAIC model regulation establishing standards for safeguarding customer information.
Safeguarding consumer information is part of the bigger issue of privacy that state regulators have been grappling with for the last two years since passage of the Gramm-Leach-Bliley Act of 1999 that mandates the establishment of privacy guidelines.
The draft as it now stands requires that insurers implement a “comprehensive written information security program that includes administrative, technical and physical safeguards for the protection of consumer information.”
An insurer would be required to assess risks and the likelihood and potential damage of threats to consumer information it held. Once risks are identified, an insurer, as the model currently stands, would have to develop a security program, train staff to implement the program and test key controls, systems and procedures of the security program.
Efforts to safeguard customer information is occurring even as state regulators continue work to create state privacy standards.
Insurers, represented by both life-and-health and property-casualty trade groups, have been working with state regulators and legislators to establish privacy standards.
Regulations in development in California and Vermont have also raised concerns among insurers that have been voiced by trade groups such as the American Council of Life Insurers in Washington.
Reproduced from National Underwriter Life & Health/Financial Services Edition, August 27, 2001. Copyright 2001 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.