Editor’s Note:
It wasn’t very long ago that ChoicePoint was in the news because the confidentiality of its customer database had been breached. Since then, other firms including Bank of America, Time Warner and Lexis-Nexis have acknowledged privacy problems.
Notice that no insurers have had to parade before the public with their privacy pants down. That’s because-but don’t tell anyone now-the insurance industry does a darn good job protecting the privacy of its customers.
Lawrence Mirel, commissioner of District of Columbia’s Department of Insurance, recently sent a report to Congress on the findings of a national study on the privacy protection practices of more than 100 of the largest insurance groups in the U.S. The study’s aim was twofold: to ensure compliance of insurance companies with the privacy provisions of the federal Gramm-Leach-Bliley and state model laws, and to avoid duplicate and inconsistent market conduct examinations by different states where these companies operate. The survey inquired about the practices of 112 of the largest property/casualty, life and health insurance groups representing approximately 700 insurance companies.
The preliminary report is based on approximately 90 percent of the data. Each participating group was required to answer 93 questions covering privacy notices, customer opt-out of sharing their information, and safeguarding their records.
Mirel said he was pleased with the overall level of compliance. “Our report shows that the privacy of personal financial information is generally well protected by the insurance industry,” he said. There is good reason for Mirel and the industry to be pleased. The report reveals that compliance problems by insurers are few and far between.
There is significant compliance with the privacy provisions of both the Gramm-Leach-Bliley Act and with model laws and regulations. There were only 273 write-ups about problems out of a possible total of 9,300. The greatest non-conformity area, about 58 percent of the write-ups, related to the customer’s right to correct personal information. Insurers generally had no problem with opt-out notices or elections.
The opportunity to deliver the report to Congress fell to Mirel because D.C. was the lead jurisdiction for the study, which was conducted with the National Association of Insurance Commissioners. Mirel, who recently announced he is leaving his post for other opportunities, posted a press release on the report but very little else has been seen or said about the privacy report. Apparently, good news on privacy or the insurance industry is best kept a secret.