At the Fall 2022 National Meeting of the US National Association of Insurance Commissioners (“NAIC”), the Privacy Protections (H) Working Group (“PP Working Group”), a subgroup of the Innovation, Cybersecurity, and Technology (H) Committee (“H Committee”) met. Below are highlights from the meeting.
The PP Working Group met on December 12, 2022, and heard an update on state privacy legislation. NAIC staff reported that there has been no significant movement in state privacy legislation since the Summer 2022 National Meeting.1
The PP Working Group also reported on the progress of its two main projects:
- Its draft of the Insurance Consumer Privacy Protection Model Law (#674), which will replace the NAIC’s Insurance Information and Privacy Protection Model Act (#670) and the NAIC’s Privacy of Consumer Financial and Health Information Regulation (#672). The PP Working Group expects to expose the draft at the end of January 2023 for a 60-day comment period. Comments received are expected to be discussed in an open session at the NAIC Spring 2023 National Meeting in March 2023.
- Its reference document (formerly referred to as a “white paper”) explaining why the working group is proposing to make changes to the existing model law and regulation. The reference document is expected to be released in 2023.
Finally, the PP Working Group heard two presentations on general market practices regarding the use of personal information during the insurance process—a consumer perspective from Matthew Smith of the Coalition Against Insurance Fraud (“CAIF”) and a company perspective from Scott Fischer of Lemonade Insurance Company. Notably, Mr. Smith’s presentation focused on the results of “The Ethical Use of Data to Fight Insurance Fraud,” a CAIF study on the ethical use of data to fight insurance fraud. A wide range of topics were raised during the presentations and the subsequent question-and-answer session, including:
- A desire for a uniform but insurance-tailored regulatory framework;
- The need for clear and concise consumer disclosures;
- Correlating the level of protection and consumer control to the various types of data and data use categories;
- Concerns about data that is not originally sensitive but when grouped with other data can become sensitive;
- Data minimization;
- Data sharing with third parties;
- Use of synthetic data; and
- Use of telematics data.
Release of the draft model law will significantly progress the work of the PP Working Group and undoubtedly lead to signifcant debate on various issues related to data privacy as regulators work to develop a model regulatory framework for personal data use in insurance. We will continue to track and report on these developments.
To view additional updates from the US NAIC Fall 2022 National Meeting, visit our meeting highlights page.
1 For highlights from the PP Working Group during the Summer 2022 National Meeting, see our Legal Update “US NAIC Summer 2022 National Meeting Key Takeaways: Innovation, Cybersecurity, and Technology,” August 23, 2022.