NAIC Continues Work on Climate Risk and Resilience Issues
Regulatory & Investigations
On Thursday, July 30, 2020, the National Association of Insurance Commissioners (“NAIC”) Privacy Protections (D) Working Group (the “Working Group”) met virtually as part of the NAIC Summer 2020 National Meeting. During the conference call, the Working Group received an update on data privacy legislation and reviewed plans to begin an analysis of existing privacy laws and regulations for insurance. As we had previously reported, the Working Group has been evaluating the existing NAIC privacy model laws and regulations to identify whether there is a need for new requirements or amendments to any existing NAIC model laws and regulations.
The Working Group first heard updates on state and federal legislative activity relating to privacy protections including, inter alia, regarding the Data Accountability and Transparency Act of 2020 (“DATA 2020”), a discussion draft of which was recently released. DATA 2020 contains various provisions that would apply to the insurance industry, but at this time it is not expected to pass.
The Working Group also heard a presentation from members of the health insurance industry which included a comparative analysis of different approaches to regulating privacy (such as the California Consumer Privacy Act, the European Union General Data Protection Requirements, the US Health Insurance Portability and Accountability Act). The presentation identified regulatory gaps in the existing privacy laws and regulations. The Working Group will review and consider whether such gaps are significant and/or relevant to state insurance regulators, consumers and the insurance industry and whether any updates should be made to existing NAIC privacy model laws and regulations or whether a new NAIC model privacy law should be drafted. The Working Group stated that it intends to use MDL-672 as its base for evaluation and that it has identified the following three areas of focus for such evaluation: (1) consumer issues, (2) industry obligations, and (3) regulatory enforcement and responsibilities.