Recognizing that the NAIC’s model consumer data privacy laws have not been revised since 2017, the NAIC Privacy Protections Working Group (Privacy WG) is dusting off the NAIC Insurance Information and Privacy Protection Model Act (Model 670) and the Privacy of Consumer Financial and Health Information Regulation (Model 672). The Privacy WG is charged with recommending whether, and to what extent, freshening up is needed to these models. The Privacy WG will turn to health care privacy later.
Because there have been many technological developments since 2017, a regulator-only work group was formed to identify key issues across five subjects for comment, including:
- Types of data collection, sharing, and usage specific to insurers;
- How privacy risk affects insurance consumers;
- Gaps in federal and state law;
- Obligations insurers should have to consumers; and
- What rights consumers should have to control their personal information.
The regulator-only work group will consider Model 670 and Model 672 alongside proposed federal legislation, the European Union’s General Data Protection Regulation, the California Consumer Privacy Act, and the NAIC’s data security model law. It will also work closely with the NAIC’s Artificial Intelligence and Accelerated Underwriting working groups.
Insurers using consumer information should be aware that the inevitable revisions to Model 670 and Model 672 could require them to freshen up their policies and procedures.