The draft as it now stands requires that insurers implement a "comprehensive written information security program that includes administrative, technical and physical safeguards for the protection of consumer information."
An insurer would be required to assess risks and the likelihood and potential damage of threats to consumer information it held. Once risks are identified, an insurer, as the model currently stands, would have to develop a security program, train staff to implement the program and test key controls, systems and procedures of the security program.
Efforts to safeguard customer information is occurring even as state regulators continue work to create state privacy standards.
Insurers, represented by both life-and-health and property-casualty trade groups, have been working with state regulators and legislators to establish privacy standards.
Regulations in development in California and Vermont have also raised concerns among insurers that have been voiced by trade groups such as the American Council of Life Insurers in Washington.
Reproduced from National Underwriter Life & Health/Financial Services Edition, August 27, 2001. Copyright 2001 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.
Copyright 2001 by The National Underwriter Company. All rights reserved. Contact Webmaster
