How Can Insurers Adapt to Expanding Consumer Privacy Protection in the US?
The rapid shift to digital technology has been transformative for insurance. And more recently, discussions about technology and its implications – especially with respect to data privacy –have quickly moved to the highest levels of both business and government.
Data Privacy Top of Mind Worldwide
Once GDPR regulations were passed in Europe, it became evident that it was only a matter of time before data privacy laws would be enacted in the US. As reported by the National Conference of State Legislatures (NCSL), bills or bill drafts have been introduced and/or filed in at least 25 states and in Puerto Rico, and it is likely that other states will do the same over time to expand consumer data privacy protections.
Not surprisingly, California was the first state in the US to pass data privacy laws. The California Consumer Privacy Act (CCPA) was passed in June 2018, to take effect in January 2020. However, on May 22, 2019, the insurance assembly approved CCPA Amendment AB 981, which includes changes that will incorporate California’s Insurance Information and Privacy Protection Act (“IIPPA”) to avoid overlap with CCPA and exempting insurance institutions, agents, and support organizations (i.e. insurers) from certain CCPA provisions. Although it was recommended by the committee, it is not yet known if it will pass in this format – or what other changes are to come in the future, since it still must be passed by the California Senate Insurance and Judiciary Committees. Because of the sensitive nature of data privacy, there are several consumer watchdog groups that are arguing against these changes.
Finding the Right Approach
Although regulations evolve over time, consumer privacy is a fast-moving target, especially given the frequency of data breech/hacking activities. Unfortunately for insurers, following compliance rules is not optional, and they can’t wait for the dust to settle. Until there is a potential federal standard for consumer privacy, there will continue to be differing laws on a state by state basis adding further complexity to the situation. It is also very likely that the laws in each state will continue to iterate at an accelerated pace, thus your IT and technology platforms must be able to do the same. The traditional path to using technology to solve a business problem – i.e. a project plan with a beginning and an end – is not going to solve the vexing situation that insurers find themselves in now.
But, taking a step back, there is a solution for managing a moving target.
In her recent blog post, Eileen Potter, our marketing lead for insurance, discussed some of the reasons that low-code is the optimal foundation for insurers to use for their compliance management programs, enabling the speed and power to rapidly build applications, the agility to make changes, and oversight to maintain visibility into processes—while controlling IT spend.
Although the final format of consumer privacy regulations is an unknown, insurance organizations should begin to take steps now to address the requirements to meet compliance, and to begin to build the framework of what will ultimately be a consumer privacy application.
Some of the action items to consider include:
- Understand and analyze what defines personal information, including the types of personal information collected by your organization
- Consider the lifecycle of the data, and how and when personal information processed
- Determine who has access to the data, to whom is it transmitted, and where it is stored
- Develop an efficient process for responding to consumer demands and have defensible documentation that those requests were satisfied
The Future of Insurance
Striking the balance between technology and process is how insurers can manage the riddle of consumer privacy. And frankly, this is the future of insurance. Change is the new reality, and a low-code solution can allow you to keep up with the pace of change related to consumer privacy regulations.
It’s impossible to talk about the future of insurance – including consumer privacy – without mentioning InsureTech Connect. The conference is only 3 weeks away and I’m looking forward to seeing the insurance community come together in Las Vegas to exchange ideas and inspiration about our industry. I’d welcome the opportunity to meet with you at the conference. Feel free to reach out to me via email, connect to me on LinkedIn, or schedule a meeting. We’ll be at booth 825, so please come by and meet the global Appian insurance team.