California has been at the forefront of tech innovation and is leading the way as the first state to give consumers insight and control over their personal information collected online through the California Consumer Privacy Act (CCPA). Other states are expected to follow California’s lead.
This landmark law will have enormous impacts on the way companies doing business with California citizens collect and store data, specifically tech giants like Google and Facebook, but how will it affect your business?
CCPA is explained simply by Jeff Roberts of Forbes, “In practice, this means consumers will be able to ask anyone from Google to Starbucks to disclose what data they are collecting, simply by using a website or phone number. Those companies will also have to put a “Do Not Sell My Personal Information” button on their websites and delete the data if a consumer asks them to do so. Finally, a business won’t be able to refuse services or charge higher prices if a consumer exercises these rights.”
Implications on insurance business
The fundamental transactions of an insurance business require the collections, use, and processing of personal information to underwrite policies, handle claims, investigate fraud, and even set rates. Since the enactment of California’s Insurance Information and Privacy Protection Act (IIPPA) in 1980, insurers were required to protect the personal information of policyholders. Furthermore, in 2003, the California Department of Insurance expanded its privacy regulations to require insurers to provide privacy and opt-out notices to policyholders.
The CCPA further regulates and expands consumers’ rights to protect personal information, including the right to request businesses to delete personal information. How can insurers process the fundamental transactions if consumers request for personal information to be deleted? Well, the IIPPA was recently amended to excuse insurers, to the extent required to complete an insurance transaction, from complying with policyholders’ requests to delete and to opt-out of the sale of personal information.
The California legislature intends to synchronize the consumer privacy protection regulations of the CCPA with the requirements of transacting insurance business and the existing protections in the IIPPA. Never the less, insurers conducting business with California consumers are encouraged to become familiar with the CCPA and to evaluate and conform policies and procedures to the requirements of the CCPA.
The act will be effective January 1, 2020, with enforcement by the California Attorney General beginning July 1, 2020.
You can read the full SSAP Chat article here.