Insurers Hit Additional N.J. Rules on Personal Information Protection

New Jersey officials’ interpretation of a new state law meant to thwart identity theft goes further than lawmakers intended and would impose impractical requirement upon insurance companies, according to an industry group.

The New Jersey Consumer Affairs Division proposed regulations that would implement the Identity Theft Prevention Act closed last week. In a letter to the division, the Property Casualty Insurers Association of America (PCI) outlined its opposition to implementation of the regulations, which the group says go beyond the practical implementation sought out by the state Legislature.

The legislation establishes standards for the protection of individual’s personal information. It includes provisions pertaining to security freeze on a consumer report by consumer reporting agencies, breach of security, notification procedures when there has been a breach, and the proper destruction of records. The proposal also includes the handling of Social Security numbers and the restriction on the communication of these numbers.

“The terminology and requirements of the division’s new regulations do not take into account the Department of Banking and Insurance’s existing regulations,” maintained Richard Stokes, regional manager and counsel for PCI, in the letter to officials.

Stokes said the property/casualty insurance industry is already operating under regulations to safeguard customer information and urged officials to review those before imposing new ones.

“Implementing this proposed regulation exceeds the requirements set out in the legislation,” stated Stokes. “This regulation does nothing to clarify how businesses are required to comply and adversely impacts their ability to serve its customers.”

Source: PCI