Close Close

Regulation and Compliance > State Regulation

GAO: States Behind Feds On Privacy Regs

Your article was successfully shared with the contacts you provided.

NU Online News Service, May 28, 5:39 p.m. — Washington

State insurance authorities are behind most federal agencies in establishing the consumer privacy standards required by the Gramm-Leach-Bliley Financial Services Modernization Act, the General Accounting Office says in a new report.

Although most states have adopted regulations or enacted legislation based on a model regulation developed by the National Association of Insurance Commissioners, Kansas City, Mo., there is no guarantee that all states will implement the regulation consistently, the GAO warns.

While states are in the process of implementing their versions of the model regulation, they may not offer a consistent level of legal protection for the security and confidentiality of insurance customer information and records, the GAO says.

In contrast, the GAO says, except for the Federal Trade Commission, all the federal agencies charged with implementing GLB’s privacy requirements have already issued their final standards.

The GAO also notes that there is considerable variation in the privacy standards adopted by the states. Although most have adopted the NAIC model developed in 2000, several have retained versions of an earlier model, developed in 1982, which they believe provides greater protections than the 2000 model.

In addition, the GAO says, some states have modified or retained existing provisions of their laws and regulations that also provide consumers with more protection than GLB requires.

The NAIC responded to a draft of the GAO report by pointing out that every state except Alaska now has privacy protections in place that meet or exceed the GLB standards.

Privacy is a controversial issue, and, unlike federal agencies that have direct authority from Congress, most state insurance regulators have had to ask their state legislatures for the authority to make the required changes, the NAIC told the GAO.

But an industry group, the American Insurance Association, Washington, says the GAO report shows the need for greater uniformity in state insurance regulation.

The states that have refused to follow the NAIC’s 2000 model law have created inconsistencies in state insurance privacy regulation, according to Stephen Zielezienski, AIA’s assistant general counsel.

“This patchwork of state regulation puts insurers at a competitive disadvantage with financial services entities regulated by the federal government,” Zielezienski says.