This past summer, Senator Sherrod Brown, a Democratic senator from Ohio and the then-ranking member of the US Senate Committee on Banking, Housing and Urban Affairs, introduced a draft bill that, if enacted, would impact the insurance sector’s use of big data and, more specifically, affect how insurance products are underwritten. With Democrats set to take control of the Senate today, Sen. Brown will now hold the gavel as the new chairman of this powerful committee that oversees the financial services sector, including the insurance industry. The chances that this draft legislation – or some version of it – becomes law has significantly increased with Democratic control of both chambers of the US Congress and the White House.
If enacted, the draft legislation, titled the Data Accountability and Transparency Act of 2020, would impact how the insurance industry and, more broadly, the financial services sector collects, uses and protects consumers’ personal data.
As we have previously written, in recent years both insurtech and traditional insurance companies have developed new and innovative proprietary data models that harness an expanding array of data to underwrite products, price risk and incentivize risk reduction in a more efficient and cost-effective manner. For example, by using new data models, some life insurance companies are now able to offer “accelerated life underwriting” whereby life insurance policies are issued without the need for a traditional medical exam. In a similar vein, property and casualty insurers are able to utilize smart home or smart car sensors to offer lower premiums to policyholders who engage in risk-mitigating behavior.
Although the use of big data in the insurance industry has the potential to positively affect both industry and consumers by offering increased access to insurance, providing additional cost-savings and detecting fraud more precisely, regulators have long been concerned with how this aggregation of data impacts consumers’ privacy, as well as how such data could potentially be used to unlawfully discriminate against consumers.
With such concerns in mind, the draft legislation includes the following reforms:
- Prohibiting the collection, use or sharing of personal data unless it is strictly necessary to carry out one of a few specified permissible purposes
- Banning the use of facial recognition technology
- Prohibiting the use of personal data to discriminate on the basis of a protected class (e.g., race, color, ethnicity, national origin, religion, sex, gender, gender identity, sexual orientation, familial status, biometric information, lawful source of income or disability of an individual or a group of individuals) in housing, employment, credit, insurance and public accommodations
- Requiring any company, including those in the insurance sector, that uses algorithmic decision-making to engage in continuous and automated testing for bias on the basis of a protected class, including analyzing for any disparate impact on a protected class
- Requiring parties that use decision-making algorithms to provide accountability reports
- Establishing a new federal agency, called the Data Accountability and Transparency Agency, that would focus on protecting individuals’ privacy rights and have rulemaking, supervisory and enforcement authority
- Allowing for a private right of action which would permit individuals to bring suit against any party for allegations that such party has violated this law. The legislation provides that a court may award damages of $100 to $1,000 per violation per day or actual damages, whichever is greater, as well as punitive damages and other forms of relief
- Requiring CEO certification of compliance with the law and imposing potential criminal and civil penalties for CEOs and board of directors
This draft federal legislation is part of a wave of regulatory developments occurring at the state level, including at the National Association of Insurance Commissioners, that would impact how the insurance industry is allowed to use consumers’ data. Whether or not Sen. Brown’s draft legislation becomes law, federal and state legislatures and regulators are increasingly focused on how the insurance industry collects, uses and protects consumers’ data. Companies in the insurance sector that are interested in developing new and innovative ways to use data need to be familiar with and sensitive to this rapidly evolving regulatory and enforcement regime.