Search NAIC

Recommended
Insurance Summit International Forum InsurTech Contacts Insurance Departments Contacts Consumer Insurance Search Insurance Terms
NAIC Logo

Back to Insurance Topics

Data Privacy and Insurance

Background

Last Updated: 3/16/2024

Issue: Today’s economy runs on data, and the insurance industry is no exception. Increasing technology and computer processing capabilities, combined with the availability of unprecedented amounts of digital consumer information, has led to the extensive use of consumer data by a variety of commercial, financial and technology companies. That, coupled with action in the European Union (EU) and pressure on Congress to pass national data privacy legislation, raises concerns of preemption of state efforts and solutions that may not be appropriate for the insurance industry. State insurance regulators continue to raise questions about the benefits and harms arising from the innovative use of technology and consumer data in the insurance sector. They are also tracking the impact big data and automated, algorithm-based decision-making such as artificial intelligence(AI) including machine learning (ML) will have on the existing regulatory framework.  

Background: Data privacy refers to the amount of control consumers have over their personal data. There is now an incredible amount of data collected on individuals via smart phones, internet browsers and other digitally connected services including smart home devices. The EU’s General Data Protection Regulation (GDPR) came into effect in 2018 and requires companies to allow consumers to “opt in” to the collection and use of personal data. In January 2020, the California Consumer Privacy Act (CCPA) went into effect. This requires for-profit companies operating in California to provide consumers with transparency and control of their personal data. Many states have recently enacted data privacy laws, and other states are actively considering similar legislation.  

The NAIC currently has a few model laws that deal with consumer data privacy:   

  • The Health Information Privacy Model Act (#55) 
  • The Insurance Data Security Model Law (#668) 
  • The NAIC Insurance Information and Privacy Protection Model Act (#670).   
  • The Privacy of Consumer Financial and Health Information Regulation (#672).   
  • The Standards for Safeguarding Customer Information Model Regulation (#673) 

Every state adopted #672 to be in compliance with Gramm-Leach-Bliley Act requirements. However, as this model is several decades old, it does not reflect the technological advancements and proliferation of data collection in the digital era. The NAIC Privacy Protections (H) Working Group is currently drafting a new Privacy Protections Model Act (#674) to replace and modernize Models #670 and #672.  

Actions

Status: The Privacy Protections (H) Working Group is charged with drafting a new model law to replace the existing models. The group is currently engaged in the drafting process for the new Privacy Protections Model Act (#674). The model covers several topics including consumer rights, consent, and notification as well as third-party service agreements, data retention and deletion policies, and data sharing agreements. The working group is taking a collaborative approach to the drafting process and collecting feedback from various stakeholders, including consumer and industry representatives. The current draft of the model can be found on the exposure drafts tab of the working group’s webpage. The working group is re-evaluating the timeline for this project to carefully consider feedback from all interested parties.  

The NAIC will also continue to engage with state attorneys general and Congress regarding state and federal data privacy laws to identify ways to work together to enhance consumer protections in this area. 

Related Content

Use the select options below to view recently added content related to the topic selected.

Keyword

Committee

This filter is disabled while the research only filter is enabled.

Research

Meetings

View upcoming meetings or use the completed tab to view the last 150 days.

Wednesday, July 10, 2024

Interim Meeting Calendar

Privacy Protections (H) Working Group

The purpose of this 60-minute open call is for the Working Group to follow up on its roll-call vote decision during the last open call on June 12, 2024, to revise an existing privacy model rather than continue work on a new privacy model. During this meeting, the Working Group will: 1) consider its June 12 minutes for adoption; 2) discuss existing privacy models; and 3) decide which model(s) should be used for the revision. The agenda and materials will be distributed and posted to the public website prior to the call.

11:00 AM ET, 10:00 AM CT, 9:00 AM MT, 8:00 AM PT
60 minutes

About This Meeting

Privacy Protections (H) Working Group
Innovation Cybersecurity and Technology (H) Committee
Wednesday, July 10, 2024
10:00 AM CDT

The purpose of this 60-minute open call is for the Working Group to follow up on its roll-call vote decision during the last open call on June 12, 2024, to revise an existing privacy model rather than continue work on a new privacy model.

During this meeting, the Working Group will: 1) consider its June 12 minutes for adoption; 2) discuss existing privacy models; and 3) decide which model(s) should be used for the revision.

The agenda and materials will be distributed and posted to the public website prior to the call.

NAIC Logo

© 1991-2024 National Association of Insurance Commissioners.

All rights reserved.

Stop.Call.Confirm is a registered service mark of the National Association of Insurance Commissioners.

Privacy Policy
Accessibility
Connect
Workplace
Web CMS
Facebook Twitter Youtube LinkedIn
Services
MyNAIC iSite+ Financial Statement Filing Automated Valuation Service Account Manager
Resources
Resource Center Newsroom Publications Meetings and Events Education and Training Glossary of Insurance Terms
Support
Contact Help Careers