Life insurance companies are strongly opposing an Internet privacy bill they say could effectively destroy online sales of insurance.
The legislation, S. 2201, was introduced by Senate Commerce Committee Chairman Ernest F. Hollings, D-S.C., and could be voted on by the committee as early as this week.
The bill would establish strict rules governing the collection and disclosure of “sensitive” personal data–including name, address, phone number, health, race, political party, religious belief, sexual orientation, Social Security number or financial data–by Internet service providers or operators of commercial Web sites.
Under S. 2201, ISPs and commercial Web site operators would be barred from collecting or disclosing personal information of a user unless they provide “clear and conspicuous notice” to the user. They would also have to obtain consent of the user before collecting and disclosing information about “sensitive” issues.
In addition, S. 2201 requires providers and operators to give users “robust” notice of the opportunity to opt out of information gathering and to give users access to all the personal data about them.
The legislation would allow private lawsuits against providers and operators for violations of the act, in addition to vesting the states and Federal Trade Commission with enforcement authority.
In testimony before the committee, John C. Dugan, an attorney representing the Financial Services Coordinating Council, said S. 2201 would have a disproportionate impact on financial institutions.
In effect, he said, the bill creates an opt-in standard for sensitive information. While this is not an issue for most types of businesses, Dugan said, it is central to the business of insurers, banks and securities firms.
By restricting any use of personal data by the financial institution, he said, the bill creates a new and unnecessary roadblock between companies and their customers.
Dugan contrasted S. 2201 with the Gramm-Leach-Bliley Acts privacy provisions, which, he said, apply only to disclosures.
Since the S. 2201 provisions also apply to use, he said, it would in effect require institutions to contact customers and obtain permission prior to engaging in core business activities involving personal data.
He added that the private right of action provision will lead to abusive class action lawsuits against financial institutions.
Unlike most online businesses, he said, financial institutions are already heavily regulated, and regulators have broad powers to punish violations of the law.
Reproduced from National Underwriter Life & Health/Financial Services Edition, May 13, 2002. Copyright 2002 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.