But several sections of the regulation “did not flow right because talking about an authorization and an opt-out are two different things,” said Ms. Jensen.

After meeting with representatives from life, health and property-casualty insurance organizations, Mr. Serna agreed that some technical changes to the regulation are necessary, she stated.

A similar situation exists in California. In December, the insurance department put out a proposed privacy regulation that apparently was patched together from several sources, including the current NAIC model act and the NAICs Insurance Information and Privacy Protection model act, also known as the 1982 model act. “Again, there were inconsistencies–things that would be a real problem to deal with,” Ms. Jensen stated.

In a February meeting of California Insurance Commissioner Harry Low and insurance and consumer groups, these discrepancies were among the concerns raised, she said. Although Mr. Low said he would take the concerns under advisement in re-drafting the regulation, “we havent seen a revision yet to the proposed regulation,” Ms. Jensen said.

In the interim, a privacy bill based on existing legislation was introduced in the California legislature, although it remains stuck in the Judiciary Committee, Ms. Jensen said. (For more on the situation in California, see Jim Connolly's article on page 17.)

Reynold E. Becker, vice president, property-casualty, for the Alliance of American Insurers in Downers Grove, Ill., added that some state legislatures “have started going a little overboard” on the discarding of sensitive consumer information and have not been willing to wait for insurance department or NAIC regulations on this topic.

He noted that the state legislature of Washington recently passed the so-called Dumpster Diver bill. It is designed to address the concern “that if information is not discarded properly or in a secure enough fashion, people could search the garbage or relatively easily find out financial or health information about people,” Mr. Becker explained.

He added that there are already federal regulations on this topic that apply to banks and securities firms. “So this is overkill from some of the state legislatures,” he said. Georgia and New York lawmakers also have been delving into this area, he noted.

There are also efforts to modify the privacy notices that are sent to consumers.

Ms. Jenkins said that the U.S. Securities and Exchange Commission held a special meeting called “Get Noticed,” which looked at ways to make privacy notices more easily read and understood by consumers. But this applies only to federally-regulated entities, she noted.

Now the NAIC also wants to put together a consumer-friendly notice to be used by state-regulated insurance entities. Ms. Jensen was named to the NAIC task force to draft that notice. “Weve had a couple of meetings, we have a draft were looking at [and] were still working on the final product,” she reported.

Mr. Becker said that the industrys view is that GLB should be given a chance to work, and that it is too early to determine how well the privacy regulations and industry programs are working.

He noted that the applicable regulations have been in place only since July 2001. The initial privacy notices went out to consumers last summer. Now “were approaching the time for the annual notices to start coming out, so we havent even gone a full cycle yet,” he said.

He added that insurers have made a “substantial investment” of resources and money to implement privacy programs.

Therefore, the industry “would ask the states–both the insurance departments and the legislatures–to hold off on tinkering until we can get the system up and running and work out some of the kinks,” he stated.

Reproduced from National Underwriter Property & Casualty/Risk & Benefits Management Edition, May 27 2002. Copyright 2002 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.