While insurers skirmish with regulators over how privacy standards will look in states like Vermont and California, a powerful new twist to the issue is developing, according to an industry representative.
The ability of an insurer, credit agency or other business entity to use a consumer’s Social Security number is getting the attention of state attorneys general, according to Neil Alldredge, state relations manager, with the National Association of Mutual Insurance Companies in Indianapolis.
Often, use of a Social Security number is a “linchpin” in an insurers’ ability to operate, he says.
If this trend–what Alldredge calls the “next phase” in the privacy issue–gains momentum, state agencies may not be able to release consumer information because data such as a driver’s license often is accessed by inputting a Social Security number, he says.
The Social Security number is a “national identity tool” that business has come to rely on, Alldredge says.
The issue should be determined by looking back to the intent of the Social Security Act, according to Kevin Hennosy, chairman and founder of SpreadtheRisk.org in Kansas City, Mo. A Social Security number should not be used for purposes other than Social Security, he adds.
“It is a dangerous number to have floating around,” being a critical number to all kinds of a consumer’s personal accounts, says Robert Hunter, who is with the Consumer Federation of America in Washington.
Indiana is one state where this new issue is being advanced. Indiana Attorney General Steve Carter is supporting a privacy bill, Indiana SB 376, that has passed out of the state Senate and is moving through the Assembly. The bill could be voted into law by March 14, when the session ends.
Indeed, attorneys general continue to track how privacy standards are being implemented to conform with the Gramm-Leach-Bliley Act. A letter sent in mid-February by 46 attorneys general to the Federal Trade Commission made recommendations on how privacy notices should be implemented in the future.
The attorneys general are recommending short, standard forms. They wrote that “it is clear that millions of consumers did not read or understand the dense text and long discussion contained in thousands of privacy notices developed by financial institutions prior to the initial July 1, 2001 deadline.”
They cite the low opt-out rate, less than 5%, to forms sent out to meet the July 1, 2001 deadline. An opt-out is a request by a consumer that nonpublic personal information not be used.
Indeed, the attorneys general argued in their letter that consistency will cut down on compliance costs and enhance competition by making comparisons easier.
In its effort to establish privacy standards, the Vermont department of banking, insurance, securities, and health care administration, also approached the FTC late last year to determine whether its regulation can offer greater protection than GLBA.
The FTC has not responded to the Vermont request or requests made by Illinois and Connecticut regulators, Claudia Bourne Farrell, an FTC spokeswoman says. However, it has responded to one filed by North Dakota, she adds.
Vermont has also responded to a suit filed against it by insurers, saying they do not have a case in their challenge to privacy standards that became effective Nov. 17, 2001 with a compliance date of Feb. 15, 2002.
On Feb. 20, the department filed its response in Washington County Superior Court (Docket # 56-1-02) to a suit filed by five insurance trade groups. The response asserted the department’s right to promulgate the regulation to comply with GLBA.
The trade groups include the American Council of Life Insurers and the American Insurance Association, both in Washington; the National Association of Mutual Insurance Companies in Indianapolis; the Alliance of American Insurers in Downers Grove, Ill.; and the National Association of Independent Insurers in Des Plaines, Ill.
Reproduced from National Underwriter Life & Health/Financial Services Edition, March 4, 2002. Copyright 2002 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.