AIA Seeks Improvements for Insurers to N.C. Security Breach Legislation

Well-intentioned legislation aimed at fighting broad-based identity theft needs several changes in order to work effectively for property/casualty insurance policyholders, according to the American Insurance Association (AIA).

“Similar security breach legislation has been introduced in several states this year in the wake of reports of unauthorized access to, and outright theft of, consumers’ personal information from corporate and government sources,” said Raymond Farmer, AIA assistant vice president, Southeast Region. “Because the legislation is aimed at a broad array of organizations that collect and store personally identifiable data, AIA has taken a leadership role in working closely with officials to ensure that the interests of property/casualty insurers and their policyholders are protected.”

The North Carolina legislation, which is a top priority of the state’s attorney general, currently includes several problematic provisions. The most important is the impact on insurers of the “freeze” that consumers would be able to put on their credit report.

“Insurers need to have the ability to access consumers’ information for the purposes of underwriting, rating and claims processing,” said Farmer. “As currently written, the North Carolina bill’s ‘credit freeze’ language could delay or even prevent insurers from performing these essential tasks. We are working with the attorney general’s office and the bill sponsor to allow insurers access to this critical information.”

Other issues yet to be resolved include how breaches of encrypted data are handled and what level of detail must be provided to consumers regarding security breaches, both of which impact the ability of insurers to deploy their resources effectively to protect the integrity of consumer information and to notify customers in the event of its unauthorized access.

“AIA’s goal is to see that the North Carolina legislation works as intended: putting additional safeguards on the handling of personally identifiable information, without unintentionally harming policyholders by imposing overly broad requirements on insurers,” said Farmer.

The North Carolina identity theft legislation, S. 1048, has passed the Senate; a similar bill, H. 1248, has passed the House.