State insurance departments should keep a closer eye on insurers’ use of purchased data concerning individual consumers.
Officials at the U.S. Government Accountability Office have come to that conclusion in a new report on financial services companies’ purchases of consumer information from information resellers.
The officials looked at federal and state agencies’ efforts to monitor and enforce compliance with the privacy and data security provisions of the Gramm-Leach-Bliley Financial Services Modernization Act and the Fair Credit Reporting Act.
The Federal Trade Commission is responsible for getting insurers to comply with the FCRA, but state insurance regulators are responsible for enforcing Gramm-Leach-Bliley.
“We recommend that state insurance regulators, individually and in concert with the National Association of Insurance Commissioners, take additional measures to ensure appropriate enforcement of insurance companies’ compliance with the privacy and safeguarding provisions of the Gramm-Leach-Bliley Act,” Yvonne Jones, GAO director for financial markets and community investments, writes in a letter summarizing the results of the research.
State regulators and the NAIC, Kansas City, Mo., should start by following up on the results of a 2005 multistate Gramm-Leach-Bliley compliance review that included dozens of life insurers with 2002 gross written premiums over $200 million as well as many health insurers and property-casualty insurers, Jones writes.
Federal bank examiners have the authority to examine banks’ information resellers and do so on a regular basis, Jones writes.