In November 2000 the Federal government passed the Gramm-Leach Bliley Act – 15 U.S.C. §§ 6801-6827 (GLBA) that set the precedence for customer privacy. This bill covered Privacy Rights for disclosure of personal information from companies, producers and other persons and entities licensed under each state’s insurance law and included all licensees, health insurers and HMOs because they are considered “financial institutions” under Title V of the GLBA. The GLBA permits each state to develop its own compliance regulations.
Prior to the passing of the GLBA, the state of Arizona was already regulating the privacy of customer’s personal information. The Arizona Insurance Information and Privacy Protection Act, A.R.S. § 20-2101et seq protects “individually identifiable information gathered in connection with an insurance transaction and from which judgments can be made about an individual’s character, habits, avocations, finances, occupation, general reputation, credit, health or any other personal characteristics, including medical record information. In addition A.R.S. § 20-2102(18) which was based on a 1980 NAIC model law was more comprehensive and more stringent than GLB standards.
Insurers doing business in Arizona had to comply with this law since the early 1980’s. After the passage of the GLBA the state legislature amended their law to make sure that all the standards were at least as stringent as the federal minimum standards.
Some of the changes include requiring agents and/or insurers to provide a written “Notice of Information Practices” on new and renewal business when “personal information” is collected on the applicant or insured. The law defines “personal information” as including information about an individual’s character, habits, avocations, finances, occupation, credit, health or other personal characteristics. It further requires that the “Notice of Information Practices” will also inform the applicant or insured that personal information may be collected, the possible type and source of personal information to be collected, the limited circumstances under which the personal information may be disclosed and the rights to access and correct personal information. In addition, a “Disclosure Authorization Form” is to be used by insurers and agents when gathering personal or privileged information during insurance transactions that may disclose personal information. Finally, if an adverse underwriting decision is made, a written notice by the agent or insurer must be given as to the specific reason for this adverse decision and include the rights of the applicant or policyholder.
The state of Arizona also complies with the GLBA’s standard when it comes to the format of Privacy Notices. All Privacy Notices must be accurate, written clearly and understandably so that customers can understand what information is being collected and how agencies use their information. These notices need to be given to new customers as well as sent out annually to existing customers.