Last Updated 2/22/2022
Issue: Today’s economy runs on data, and the insurance industry is no exception. Increasing technology and computer processing capabilities, combined with the availability of unprecedented amounts of digital consumer information, has led to the extensive use of consumer data by a variety of commercial, financial and technology companies. That, coupled with action in the European Union (EU) and pressure on Congress to pass national data privacy legislation, raises concerns of preemption of state efforts and solutions that may not be appropriate for the insurance industry. State insurance regulators continue to raise questions about the benefits and harms arising from the innovative use of technology and consumer data in the insurance sector. They are also tracking the impact big data and automated, algorithm-based decision-making such as artificial intelligence (AI) including machine learning (ML) will have on the existing regulatory framework.
Data Privacy: Data privacy refers to the amount of control consumers have over their personal data. There is now an incredible amount of data collected on individuals via smart phones, internet browsers and other digitally connected services including smart home devices. The EU’s General Data Protection Regulation (GDPR) came into effect in 2018 and requires companies to allow consumers to “opt in” to the collection and use of personal data. In January 2020, the California Consumer Privacy Act (CCPA) went into effect. This requires for-profit companies operating in California to provide consumers with transparency and control of their personal data. Colorado, Hawaii, Louisiana, Illinois, Maine, Nevada, North Dakota, Texas, and Virginia also recently enacted data privacy laws, and many other states are considering similar legislation.
The NAIC currently has two model laws that deal with consumer data privacy:
- The NAIC Insurance Information and Privacy Protection Model Act (#670).
- The Privacy of Consumer Financial and Health Information Regulation (#672).
The NAIC Privacy Protections (D) Working Group is charged with reviewing current state insurance privacy protections to assess whether enhancements are needed. In 2022 the group will move under the purview of the Innovation, Cybersecurity, and Technology (H) Committee.
Data Technology: With the explosion in data in the 21st century, technologies have also been developed, complemented by significant increases in processing power and speed, to process, manage and use data in new ways. Cloud storage and software-as-a-service (SaaS) technologies have driven costs of data storage down and contributed to a significant increase in computing capacity. Data can be processed in new ways using AI, ML and natural language processing (NLP) techniques to extract new insights. Blockchain technology creates shared records that cannot be changed over time. This makes processing transactions less error-prone and enables organizational efficiencies. All these technologies are currently in use to conduct insurance business around the world. This creates challenges and opportunities for state insurance regulators.
State insurance regulators are interested in and engaging with these new uses of data and technologies in a variety of ways. The NAIC has compiled a list of contacts for each state insurance department to engage with the industry on innovation and technology issues. NAIC members and regulators regularly connect with the Insurtech community. State insurance regulators are open for collaboration and discussion on these issues and their regulatory implications, particularly regarding consumer protections.
Data Use: Data technologies are dependent on the availability of huge amounts of data. Insurers produce and gather their own data by allowing consumers to opt-in to telematics, wearables or other Internet of Things (IoT) programs. IoT devices collect data about an insurance consumer’s behavior, such as physical activity or driving habits, to inform underwriting. They can also monitor property, such as moisture sensors in buildings to catch water damage early. This can be used to assess, prevent and mitigate risk, as well as offer insights into consumer behaviors. Insurers also collect data from publicly available sources like government agencies, geographic information systems (GIS) and social media to use techniques like AI or ML to make decisions on various insurance processes.
The NAIC Big Data and Artificial Intelligence (H) Working Group is charged with reviewing existing regulatory frameworks used to oversee insurers’ use of consumer and non-insurance data. The Accelerated Underwriting (A) Working Group is also engaged in the area of data use. It is charged with examining the use of external data and data analytics in accelerated life insurance underwriting to determine if additional regulatory action or guidance is needed.
Status: Many NAIC groups are focused on issues relating to data use in the insurance industry. The Innovation, Cybersecurity, and Technology (H) Committee is charged with coordinating the efforts of these groups and considering the need for overall regulatory guidance on insurer use of consumer data and industry practices around data technologies. In 2020, the Artificial Intelligence (EX) Working Group (since renamed the Big Data and Artificial Intelligence (H) Working Group) developed AI principles for the insurance industry. The NAIC membership adopted these principles at its 2020 Summer National Meeting.
The NAIC will also continue to engage with state attorneys general and Congress regarding state and federal data privacy laws to identify ways to work together to enhance consumer protections in this area.
Committees Active on This Topic
Data and Innovation Resource Collection
NAIC Research Library
AI-Enabled Underwriting Brings New Challenges for Life Insurance: Policy and Regulatory Considerations
2021, Journal of Insurance Regulation
Social Media as Factor in Personal Injury Underwriting: Risk, Rate and Regulation
July 2020, Journal of Insurance Regulation (Article Overview)