Upload
rudolf-boyd
View
216
Download
0
Tags:
Embed Size (px)
Citation preview
Privacy in the 21st Century:An Oxymoron?
Impacts and Implications for the Insurance Industry
Home Office Life Underwriters AssociationOrlando, FL
May 7, 2001
Download at:http://www.iii.org/media/privacy/index.htm
Robert P. Hartwig, Ph.D. Vice President & Chief EconomistInsurance Information Institute 110 William Street New York, NY 10038
Tel: (212) 346-5520 Fax: (212) 732-1916 [email protected] www.iii.org
Is America Worried About Privacy?
YOU BET!
Articles in Major Publications with “Privacy” in Headline
1,7052,255
3,739
5,030
6,639
9,324
11,500
0
2,000
4,000
6,000
8,000
10,000
12,000
1995 1996 1997 1998 1999 2000 2001**EstimateSources: Insurance Information Institute; Lexis/Nexis.
Who’s Very Concerned About Privacy?
60%
54%
64% 62%57%
46%
67%
57%
72%
40%
60%
80%
100%
All Am
erica
ns
Onlin
e
Not O
nline
Wom
enM
en
Age 18
-29
Age 50
-64
White
Africa
n Am
erica
n
Sources: Pew Internet & American Life Project.
Those not online, women, minorities and older people are more concerned about privacy
Who Said This?
“…I will prohibit genetic discrimination, criminalize identity theft, and guarantee
the privacy of medical and sensitive financial records. In addition, I will make it a criminal offense to sell a person’s Social Security number
without his or her express consent.”
--George W. Bush
Worried—But ApparentlyNot Too Worried
$5.198 $5.240$5.526
$6.393
$8.686
$5
$6
$7
$8
$9
$10
99:IV 00:I 00:II 00:III 00:IV
Source: US Department of Commerce, Insurance Information Institute
E-Commerce Retail Sales Trend($ Billions)
The Internet & Privacy:
An Oxymoron?
On-Line Worries
20% 21%
42%
27%31%
54%
0%
10%
20%
30%
40%
50%
60%
Worried e-mail read by others Might know which web sitesvisited
Might get computer virus
1998
2000
Sources: Pew Internet & American Life Project.
Reports of Identity Theft by Type
12,900
6,100
4,000
2,200 2,000
5,200
3,000
0
2,000
4,000
6,000
8,000
10,000
12,000
14,000
Credit CardFraud
Phone orUtilities
DepositoryAccounts
FraudulentLoans
GovernmentDocuments
Other Attempts
*Victims may be included in more than one category; categories are III approximations from FTC figures and charts.Sources: Federal Trade Commission; Insurance Information Institute.
Total Number of Victims = 25,845*
Identity Theft Per 100,000 People, 2000
Source: Federal Trade Commission
13 - 16
1 - 4
5 - 8
9 - 12
17+
Online Tracking: Is it Harmful?The Real Cookie-Monster
27%
36%
25%
23%
54%
47%
54%
56%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
All Internet Users Age 18-29 Age 30-49 Age 50-64
Helpful Harmful
Source: Pew Internet & American Life Project.
Would Like to “Opt-Out” When on a Web Site
56%
34%
4%6%
0%
10%
20%
30%
40%
50%
60%
Always Sometimes Rarely Never
Sources: BusinessWeek survey.
Insurance in the Online World:
A Tough Sell—So Far
How Americans Shop for Auto Insurance
67.6% 66.2% 68.2% 67.9% 67.4%
21.0% 21.7% 20.6% 21.1% 20.9%
10.5% 10.7% 10.5% 9.9% 10.9%
0.8%1.1%0.7%1.4%0.9%
0%
20%
40%
60%
80%
100%
Overall 18-34YearOlds
35-64YearOlds
Males Females
Online
Other
Phone
Local Agent
Source:Progressive Insurance; Survey of 31,500 consumer in 156 markets; Nov/Dec 2000.
Shifting Distribution Channels: Property/Casualty Insurers
Source: Datamonitor
20031998
Direct Response
10.0%Banks8.1%
Internet7.3%
Other2.5%
Independent Agents23.3%
Captive Agents48.8%
Direct Response
9.8%Banks2.8%
Internet0.9%
Other3.0%
Independent Agents27.0%
Captive Agents56.5%
Projected Online Sales of Auto, Home & Term Life Insurance
$0
$2,000
$4,000
$6,000
$8,000
$10,000
$12,000
$14,000
Auto Home Term Life Renters
20002001200220032004
Source: Forrester Research
$ Millions
Insurers: Tangled in the Web?
Distribution Channels Continue to Proliferate
Customer InsurerAgent Broker
Mail Telephone
Bank
Internet Dealerships Payroll Plans
Stock Exchanges
Online Auctions (e.g. Priceline.com)
????
PRIVACY PARADE
Too Many Privacy Cooks May Spoil the Soup
HIPAA GLB HHS NAIC…
Privacy TimelineG
LB
Ena
cted
Nov
.12,
199
9
Fede
ral m
edic
al p
riva
cy s
tand
ards
rel
ease
d D
ec. 2
0, 2
000
Feb.
200
1: F
eder
al m
edic
al p
riva
cy
reg
ulat
ions
del
ayed
Apr
il 14
, 20
01: F
eder
al m
edic
al p
riva
cy
reg
ulat
ions
take
eff
ect
July
1,
2001
: GL
B p
riva
cy d
iscl
osur
e
req
uire
men
t dea
dlin
e; A
lso
“uni
form
”
adop
tion
date
for
NA
IC m
odel
reg
s
1996
: Hea
lth I
nsur
ance
Por
tabi
lity
Act
Apr
il 14
, 20
03: F
eder
al m
edic
al p
riva
cy
com
plia
nce
dead
line
Source: Insurance Information Institute
The Gramm-Leach-Bliley Act and Implementing Regulations
• GLB Act enacted November 12, 1999
• Primary purpose is to permit affiliations between banks, securities firms and insurance companies
• Compliance required by July 1, 2001
Every financial institution has an affirmative and continuing obligation to :
respect customer privacy, and
protect the security and confidentiality customer information
Source: Schwartz & Ballen
Highlights of Title V andThe Agencies’ Regulations
• Financial institution safeguards
• Disclosure obligations
• Privacy obligation policy
• Privacy notice requirements
• Information to be included
• Opportunity to opt out
Source: Schwartz & Ballen
Highlights of Title V (continued)
• Reuse of information
• Exceptions
• Joint marketing
• Rulemaking and enforcement
• Applicability of State law
Source: Schwartz & Ballen
Safeguarding Customer Information
• Information Security Program• Involvement of Board of Directors• Assessment of Risk• Manage and Control Risk
Access rights to customer informationEncryption of informationContract provisions for service providers
• Oversee Outsourcing Arrangements
Source: Schwartz & Ballen
Disclosure Obligations (cont’d)
• Financial institutions may not disclose “nonpublic personal information” to “nonaffiliated third parties” without:
notice opportunity to “opt out”
Source: Schwartz & Ballen
What is Nonpublic Personal Information?
• Personally identifiable information collected from consumers
• Personally identifiable information collected about consumers
• Personally identifiable information resulting from a transaction with consumers
Source: Schwartz & Ballen
Redisclosure and Reuse of Information
• Anyone who receives information from a financial institution may disclose the
information to a nonaffiliated third party only to the extent such information could be disclosed by the provider
• The rules restrict reuse by third parties information can be used only for the
purpose for which it originally was provided
Source: Schwartz & Ballen
Rulemaking and Enforcement
• Federal agencies with rule writing and enforcement authority
- Federal Reserve Board - Comptroller of the Currency
- Federal Deposit Insurance Corporation - Office of Thrift Supervision - National Credit Union Administration - Securities and Exchange Commission - Federal Trade Commission
• Insurance companies and agents are subject to the jurisdiction of the state insurance authority
Source: Schwartz & Ballen
Applicability of State Law
• States may enact stronger measures
• Many States are considering Opt in Consumer access to information
and correction rights Affiliate sharing Limitations on disclosure of medical information
Source: Schwartz & Ballen
NAIC Model Rule
• Applies to financial and health information• The financial disclosure provisions closely follow the federal rules, with adjustments to deal with issues unique to insurance (e.g., group policies, workers compensation)• Health information cannot be disclosed to affiliates and nonaffiliates unless the consumer has provided consent
Source: Schwartz & Ballen
NAIC Model Rule (continued)• Consent is valid for no more than 24 months
• If the licensee complies with the HIPAA rules, it is not subject to the NAIC’s health information rule
• The NAIC’s health information rule does not affect other state laws regarding medical privacy of health records
• July 1, 2001 “adoption” date
Source: Schwartz & Ballen
Federal (HHS) Privacy Regulations
• Released by Clinton Administration November 2000
• Became effective April 14, 2001• April 14, 2003 compliance date• Focuses on health plans, health care
clearinghouses, health care providers
• P/C & Life Insurers not under HHS jurisdiction
Federal (HHS) Privacy Regulations (cont’d)
• HHS Secretary Thompson will make “common sense” changes to the rules.
• Some changes will happen quickly, others require a lengthy administrative review.
• There will be confusion as the GLB, HHS and various state privacy regulations take hold.
Hawaii: Confusion in Paradise
• Confusion on interpretation of state privacy law led to a near shutdown of the state’s workers compensation system
• Doctors—uncertain how to interpret new law—severely curtailed disclosure of routine medical info to insurers.Feared massive fines and criminal penalties (and no doubt lawsuits)
• State had to call special legislative session to delay implementation date
• State’s Medical Privacy Task Force will study far-reaching impact of law
California—Dreamin’ about Privacy in the Silicon Shadow
• Assembly Bill 435 led at least one workers comp insurer to believe that it could not disclose the reasons for a rate increase to policyholders (employers).
• Two employers actually had to sue the insurer to obtain the rationale. • CA law leads insurers and TPAs to believe that they cannot transmit
info to employer, such as:Medical infoRehab plansReturn-to-work dates to employer
Insurance Underwriting—It’s Not in the Genes
Genetic Testing—Uphill Battle • Effectively banned for underwriting purposes:
Approximately 20 states have banned insurers from using genetic testing in underwriting (health focused, life and non-life insurers could be next)
In February UK insurer Norwich-Union admitted using genetic testing to screen life insurance applicants for Alzheimer’s, breast and ovarian cancer.
In April, British government declared temporary ban on use of genetic screening by insurers
US railroad Burlington Northern Santa Fe faced suit from EEOC for screening carpal tunnel claimants to see if work-related or genetic predisposition.
American public (and president) favor very strong protection of genetic information
Outlook • Federal rules will go into place (GLB,
HHS) without a significant changePopular support extremely highIndustries are conflicted
• Confusion because of state regs and varying deadlines
• Hard to avoid “patchwork” of regs• Safe harbors for p/c lines likely• Litigiousness will emerge
Insurance Information Institute On-Line
If you would like a copy of this presentation, please give me your business card with e-mail address