Regulators criticized for allowing industry wording on new privacy model
The question of how much input the insurance industry should have on new privacy model rules divided some regulators and consumer advocates during a confusing conference call Wednesday.
The Privacy Protections Working Group is attempting to create a new privacy model regulation for the states to consider for adoption. During a June call, the working group took a voice vote “to revise an existing privacy model rather than continue work on a new privacy model.”
The candidates for a new privacy model starting point are: the new draft Insurance Consumer Privacy Protection Model Law (#674), or the existing Privacy of Consumer Financial and Health Information Regulation Model Regulation (#672). Several industry trade groups have contributed an enhanced “#672 Plus” that added a third option.
Wednesday’s call was further muddled by pre-call instructions that working group members would hold “a vote on this call to determine if Model 672 or 672 Plus will serve as the basis for revising the Model.”
Indiana Insurance Commissioner Amy L. Beard, chair of the working group, scratched that plan, deferring any further action until the National Association of Insurance Commissioners’ summer meeting Aug. 12-15 in Chicago.
The result left consumer advocates unsure of whether to comment or wait. Peter Kochenburger is a 2024 NAIC consumer liaison. The initial draft sets out the direction of the model, he said, and it can be hard to deviate from the direction set in that first pass.
“It is not a good image at all for the regulators to start with the regulated entities’ preferred language,” said Kochenburger, a visiting professor of law at Southern University Law Center. “I’m not criticizing the industry for doing this, but I don’t think it should be accepted as your starting point.”
Regulating to meet the capabilities of big data and artificial intelligence has proven to be a lengthy process for NAIC working groups. The Executive Committee and Plenary adopted the Model Bulletin on the Use of Algorithms, Predictive Models, and Artificial Intelligence Systems by Insurers in December after a deliberate process.
Safeguarding consumer data
Regulators created Model #674 to modernize and replace the existing #672, as well as the Insurance Information and Privacy Protection Model Act #670. It shares characteristics with state privacy laws adopted in New York and California, both of which include a more restrictive approach to the management of personal information.
During the working group’s June call, speakers lined up for and against the tougher regulation — consumer groups on one side and industry representatives on the other. A point of specific contention is the “opt-in” provisions versus the “opt out.”
Harold M. Ting is a 2024 NAIC consumer liaison for health care. Model #672 provides only for opt-out, Ting told the working group, which is difficult for consumers to understand and puts the responsibility for data privacy on consumers. Reams of information and complex verbiage must be digested before consumers select whether they want data shared or sold when access to desired information is denied.
The new Model #674 requires an opt-in, Ting noted, and provides better consumer protection by putting the responsibility on insurers and third parties to obtain consent from insurance consumers prior to selling or sharing the consumer’s personal data.
‘Adverse underwriting decisions’
Speaking Wednesday, Ting asked regulators to adhere to the tough privacy principles they have developed to this point.
“There’s some sections in #674 that are not addressed in #672, or #672 Plus that we think are important,” Ting explained. “An example would be for adverse underwriting decisions, that’s not addressed in either of those two documents. It’s important for consumers who are getting turned down for certain policies to understand what information is being used, and where it came from.”
The June roll-call vote to proceed with amending #672 narrowly passed by a 10-6 margin, with three abstentions. Three of the Yes votes were contingent on future wording changes. After the vote, Beard was asked whether the working group voted to proceed with #672 or #672 Plus and “Commissioner Beard said it was to move forward with Model #672,” meeting minutes state.
The working group is scheduled to meet next on Aug. 14 for one hour in Chicago.
© Entire contents copyright 2024 by InsuranceNewsNet.com Inc. All rights reserved. No part of this article may be reprinted without the expressed written consent from InsuranceNewsNet.com.
The post Regulators criticized for allowing industry wording on new privacy model appeared first on Insurance News | InsuranceNewsNet.