NAIC
Members Adopt Model Consumer Privacy
Regulation Initiative Ensures Compliance with
GLBA
Kansas City, Missouri – Members of the National
Association of Insurance Commissioners (NAIC) voted today to adopt
standards for the regulation of Consumer Financial and Health
Information. Today’s action will guide the individual states in
their efforts to comply with the consumer privacy protections
outlined in the Gramm-Leach-Bliley Act (GLBA).
"We believe a national standard for the privacy of
personal health and financial information is critical for both
consumers and financial institutions," said Kathleen Sebelius,
Kansas Commissioner of Insurance and NAIC Vice President. "This NAIC
action will enhance the ability of states to enact uniform standards
and protect sensitive consumer information across the country. This
uniform standard will assure consumers that their personal
information will be protected regardless of where they live and
regardless of which financial entity collects the information."
The NAIC’s model privacy regulation is a direct
response to the requirements set forth by the Congress under GLBA.
"We tailored our model to reflect the provisions of GLBA and to
provide insurers with a workable national uniform standard,"
Sebelius explained.
"The goal of the Working Group was to maintain as
much uniformity with the federal rules as possible to ensure a level
playing field between insurers and their competitors in the
financial services sector. The Working Group also recognized that
some changes and additions to the federal rules would be necessary
because insurance is different from banking and securities.
Explaining the NAIC process, Sebelius stated, "We
have worked closely with consumer and industry representatives to
craft a regulation that protects consumers but does not inhibit the
business of insurance," Sebelius stated. "The input we received
during the drafting process helped us create what we believe is a
model that provides a necessary level of privacy protection."
Sebelius further commented that the insurance
regulators took additional steps to protect the most sensitive
consumer information, their health information, "We made clear that
companies wishing to share, sell, market or give away health
information, except for specific business exceptions, must receive
explicit consumer permission.
The NAIC model comes as the U.S. Department of
Health and Human Services continues to draft privacy regulations for
health information. It is expected these regulations will go into
effect two years after they are finalized. In the meantime, Sebelius
noted, "Consumers are worried about what will happen to their
personal health information from now until the HHS regulation goes
into effect; Our regulation will give consumers protection until the
HHS regulation is implemented."
Members of the NAIC have been discussing and
addressing the privacy of personal information, including health
information, for more than 20 years. In 1980, the association
adopted the Insurance Information and Privacy Protection Model Act,
which generally requires insurers to receive authorization from
individuals ("opt-in") to disclose personal information. In
September 1998, the association adopted the Health Information
Privacy Model Act because of the special issues surrounding health
information. This model treats personal health information as a
different type of information that receives a higher level of
privacy protection. The model uses an "opt-in" standard and
establishes exceptions that allow insurers to carry on business
functions without obtaining consumer consent.
The NAIC is located on the World Wide Web at
www.naic.org. It is the nation's oldest association of state
government officials, consisting of insurance regulators from the 50
states, the District of Columbia, and four U.S. territories.
|