While insurers say that uniform privacy regulations have been largely achieved, in a few states, including Vermont, California and Massachusetts, privacy standards are still being debated.
A proposed regulation was scheduled to be reviewed by the Vermont legislative committee on administrative rules at press time.
The Vermont department of banking, insurance, securities and health care administration has dropped the joint marketing opt-out requirement for non-affiliates.
Affiliates would be required to operate according to the federal Fair Credit Reporting Act which says affiliates can share some data such as name and contact information. However, for information such as credit worthiness and personal characteristics, an opt-in would be required. Other states have an opt-out provision.
The Vermont department is trying to establish standards for insurers that are similar to standards for banks created by the Vermont bank privacy law, says Jackie Hughes, general counsel.
Insurers say that the proposed rule goes beyond the Gramm-Leach-Bliley Act of 1999.
The American Council of Life Insurers in Washington, according to Michael Lovendusky, a senior counsel, is concerned that the Vermont regulation establishes an opt-in requirement for information disclosures to nonaffiliated third parties. This departs substantially from the NAIC Model Privacy Regulation, he says, that requires the financial institution to provide a consumer with an opportunity to opt-out of such information disclosure. Information disclosure to affiliates is treated the same in both the Vermont and NAIC approaches because opt-outs to consumers are provided one time at the initiation of a relationship for certain kinds of information, pursuant to FCRA, Lovendusky adds.
Concern that privacy regulations could overreach GLB was played out in the California legislature recently when a Senate bill, S.B. 773, was deferred until the next legislative session in January 2002.
Insurers lobbied feverishly to prevent the bill’s passage in its current form. The bill was debated and amended several times and defeated in its current form in a late evening legislative session on Sept. 13.
State Sen. Jackie Speier, D-San Francisco, who sponsored the bill, could not be contacted at press time. The senator could continue to press for a measure based on the current bill or offer a new bill. The bill had passed the senate and was being debated in the Assembly.
Sam Sorich, vice president and western regional manager with the National Association of Independent Insurers in Des Plaines, Ill., says that S.B. 773 requires an opt-in for joint marketing agreements. A major impediment would be created for smaller companies forming joint marketing agreements with third parties, he says. A big company that had affiliates could operate and share information and conduct the same activity and not be subject to the opt-in.
So, if a company wanted to offer a credit card and had no affiliates, it would be subject to the opt-in, he continued.
Sorich says that a private cause of action provision that had been in the bill was removed.
Another problem with the bill, according to Bill Gausewitz, assistant vice president with the American Insurance Association in Washington, is the way it would prevent insurers from using a relationship database among lines of business.
But the defeat of the bill in this session does not represent a decision not to deal with the issue, he adds. “The issue is still alive.”
In Massachusetts, several bills are currently under consideration. Currently, four bills in the Massachusetts House addressing privacy are being considered and one Senate bill.
Reproduced from National Underwriter Life & Health/Financial Services Edition, October 8, 2001. Copyright 2001 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.