Insurance Licensing

PRIVACY PROTECTION AND REGULATIONS

 

Fair Credit and Reporting Act (15 USC 1681-1681D) – regulates the collection of consumers' credit information and access to their credit reports. In California a consumer credit report MAY NOT be used as the basis for declining to insure or as a premium factor.

 

California Financial Information Privacy Act (CalFIPA/ CAL-GLBA): This act adds to the Gramm-Leach-Bliley act

-            Civil Penalty up to $2500 per violation, or $500,000 if disclosure is more than one individual

-            Fed version – (GLBA) GRAMM-LEACH-BLILEY ACT

-            Consumers have final say in sharing non-public information

-            Financial profiling is greatly restricted

-            Penalties for identity theft are doubled

-            Requires “Opt-In” provisions for info sharing with 3rd parties

-            Established “Opt-Out” standards for sharing info within a family of companies

-            Companies must obtain a signed consent from consumer to share personal data

-            Failure to comply may result in civil penalties

-            Financial Institution must notify consumer ANNUALLY about possible disclosure

-            Allowable Information Sharing

o   Data in single line of business

o   Needed for the function of the business

o   Sharing is operational for security disputes of inquiries

o   To protect against actual fraud

o   With Law enforcement

o   In the case of business merger, sale, or transfer

o   Compliance with law

o   Investigation of elder financial abuse cases

o   Permissible outsourcing functions

(IIPA)

-            Notify when information collected from someone other than applicant

-            Prior to the time of policy delivery

-            No later than at the renewal date

-            Penalties - $10,000 fine, 1 year imprisonment, or both

Establishes standards for the collection, use, preservation, and disclosure of information relevant to insurance transactions. A notice of information practices must be delivered prior to or at the time of policy delivery, when personal information is collected from a source other than the applicant, and not later than policy renewal. If a satisfactory notice has been delivered in the previous 24 months, a repeat notice is not required.

 

Pretext Interviews (illegal) - An attempt to obtain personal, nonpublic information through deception, leading to the interviewer acting as someone other than a licensed agent or insurance company representing acting in an authorized capacity. It is legal to deceive clients in investigations.

 

-            If a consumer submits a written request for access to recorded information that the company has transacted the company must:

o   Inform the consumer of the nature and substance of the recorded info

o   Allow the person to see and copy, in person the recorded info

o   Disclose the identity of people who received the info in the past two years

o   Provide the procedures by which the consumer may request a correction, amendment or deletion

 

Adverse underwriting decisions:

-            A declination or termination of insurance coverage, except when done statewide

-            Failure of an agent to apply for insurance coverage with an insurer specified by consumer

-            Placement of a risk with a residual market mechanism

-            A higher rate on the basis of info that differs from that which the applicant furnished

 

Insurers may not seek information other than what the consumer has submitted or on any previous underwriting decisions. If consumer requests reasons for termination of declination insurer has 90 days to provide reasons. 

 

HIPAA - Health Insurance Portability and Accountability Act

Insurer must inform applicant of insurer’s data security protocols, what info may be obtained, how it will be used, and to whom it will be disclosed. Applicant must be given opportunity to refuse dissemination.

 

Privacy of Nonpublic Personal Information:

Opt-Out Notice – Prior to disclosing any non public info the licensee must provide the consumer an opportunity to opt out

-            Delivery- Notices regarding nonpublic personal info may be provided a hand-delivered printed copy of notice, a mailed copy, or electronically with consumer signature. Notices posted in office or verbal notices do not suffice

 

Standards for Safeguarding  Nonpublic Personal Info

Licensee must implement a comprehensive, including Admin, Technical, and physical safeguards protecting information. Program should address risk assessment, training of staff, testing of key systems, due diligence in selecting service providers, and making adjustments to program.

 

 

 

 

(CCPA) California Consumer Act of 2018

Grants consumers certain rights about the personal information collected by businesses, including the right to know how that information is used and shared, the right to opt out of the sale of that information, and the right to delete personal information.

-            Right to know about info collected and how it is used and shared

-            Right to delete personal info, with some exceptions

-            Right to opt out of sale of personal info

-            Right to non-discrimination for excising these rights

Personal info is info that can identify the client. Client must include link to opt out of sale. If they opt out you must wait 12 months prior to soliciting them again.

 

Shine the Light Act of 2003

Sets disclosure agreements for the sharing of personal info and the opportunity to opt out the ability to share personal info for direct-marketing purposes. Requires business to disclose, upon request, the categories of personal info that was shared with third parties as well as who those third parties are. (Info including – name, address, email, age, DOB, names, age, and gender of children, height, weight, race, religion, political party, religion, the kinds of products or real property purchased, leased or rented, SSN, bank account, credit cards, debit numbers, drugs, therapies medical products or equipment used, and payment history). Refusal to comply results in a civil penalty up to $500 per violation up to $3000 per willful or reckless violation.

 

Violent Crime Control and Law Enforcement Act of 1994 (18 USC 1033)

(civil and criminal penalties up to $50,000 penalty and 5 years jail)

-            Federal regulation that includes a prohibition against anyone who has committed felonies involving dishonesty or breach of trust from being employed in the insurance and financial services industry.  Waivers may be granted in some circumstances. Factors involved in granting waiver:

o   Nature and severity of crime

o   Length of time since conviction

o   Injury/loss caused

o   Whether or not pardoned

o   Nature and strength of reference letters

o   Person’s business and personal record before and after conviction

o   Was the conviction in foreign country

-            Prohibited persons include: Executive officers, directors, employees of agency, agent, solicitor, broker, consultant, 3rd party administrator, managing general agent, or subcontractor

-            Persons involved in prohibited activities are subject to civil penalties of not more than $50,000 or the amount they received from the behavior, whichever was more.

 

 

 

Fraud and False Statements includes the following acts:

-            Willful embezzlement, abstraction, or misappropriation of any funds, moneys, premiums, or credits

-            False entries made in a company’s books, records, or reports

-            Use of threat or force, to influence or obstruct fair and legal business practices

-            Material overevaluation of land, property, or security

Criminal penalties include fine, imprisonment, or both. Generally not more than 10 years except:

-            If the amount does not exceed 5000 the person is subject to 1 year jail

-            If the prohibited activity jeopardizes the security of an insurer – up to 15 yrs

 

Fair Credit Reporting Act

Protects the consumer’s right to privacy regarding the collection practices and use of consumer credit reports. Notice that a report may be obtained must be disclosed to an insurance coverage applicant at the time the application is taken.

 

Privacy of NonPublic Personal Information

Privacy protection policies specific insurers agents, and insurance-support organizations regarding the collection and disclosure of nonpublic personal information. Privacy policies must be provided when the customer relationship is established, followed by an annual notice (or when policies are revised).

 

California Risk Retention Act - allows businesses, associations, and individuals to insure against liability and statutory obligations. The act is found in the California Insurance Code, Chapter 1.5, Risk Retention, and can be cited as California Code, Insurance Code, INS § 125Accounts Receivable Coverage Form – Covers amounts due to the insured, which are uncollectible from customers because of the direct physical loss or destruction of records of accounts receivable from a covered loss, such as a collapse of a building damaged by fire.

 

Signs Coverage Form – Insurance for signs, street clocks, and similar property in the insured’s care. Also, neon signs, billboards, and ordinary fixed or plastic-faced signs. Not covered during installation, transportation, repairing, or dismantling.

 

Commercial Articles Coverage Form – This form covers cameras, projection machines, films and related equipment and accessories, musical instruments, and similar property of others that is in the insured’s care, custody, or control.

 

Installation Floater – Primary property insured is moveable property, like electrical, plumbing, or heating equipment to be installed in a building.

 

Jewelers Block Coverage – Covers jewelry held as stock by jewelry retailers, wholesalers, and manufacturers, including what has been sold but not delivered.