In a flurry of consumer privacy activity, states rushed to comply with 1999's federal financial services modernization act, also known as the Gramm-Leach-Bliley Act (GLBA), which allows banks and insurance companies to engage in each other's business. The GLBA mandates that states pass privacy legislation for insurance consumers offering equal privacy protection to the federal privacy regulations imposed on banks.
According to the National Association of Insurance Commissioners (NAIC), as of May 1, 2002, the District of Columbia and 49 states had laws and/or regulations that meet the GLBA's privacy standards. However, the extent of those protections varies from state to state, with some states giving consumers more control over how insurers can use their financial and health information.
Highlights of the NAIC's privacy regulation |
Insurers may not share customers' health information without clear, written consent; however, they may share other information, including financial information, with some restrictions.
Insurers must provide customers with "clear and conspicuous notice" of privacy policies at least once every 12 months.
Insurers must inform customers of their right to opt out of having their insurance company disclose personal information to third parties.
Insurers may not share customers' account number information with third-party marketers.
Insurers may, however, share other customer information with third-party marketers, provided customers are both notified of their right to opt out, and of the insurance company's policy regarding third-party marketing.
|
The NAIC's privacy model act does not prohibit insurers from sharing customers' financial information, with the exception of account numbers and medical information. The NAIC reports that:
- 36 states plus the District of Columbia had enacted regulations/laws based on the NAIC model privacy regulation;
- 22 states include the financial and health provisions of the model (two of those states have "opt-in" instead of "opt-out" requirements);
- 14 states plus the District of Columbia have financial but not health provisions of the model;
- 13 states had retained the NAIC's 1982 model privacy act on their books; and
- one state had privacy regulations pending, but had not taken final action.
The NAIC's privacy model act does not prohibit insurers from sharing customers' financial information, with the exception of account numbers and medical information. Rather, the NAIC's model act requires insurers to notify consumers of their right to "opt out" of information sharing.
The "opt out" requirement means that consumers must tell the insurer in writing not to share any personal financial data with affiliate companies such as marketers and other financial services providers. The NAIC's model privacy act prohibits all sharing of health information without explicit written consent from the consumer.
|
British Citizens:
Canadian Citizens:
