The pandemic has caused many predictions for 2020 to be spectacularly wrong. One exception is that data privacy and compliance will become even more important, specifically because of the introduction of the California Consumer Privacy Act (CCPA).
For carriers that work with consumers in California, the legislation created a list of compliance considerations. Californians now have the right to know what information companies have, request that it not be sold and request that it be deleted unless it is in conflict with another law (very important to note that last piece for our highly regulated industry). Businesses must also provide a link that says, “Do Not Sell My Information,” which enables the consumers to make their opt-out request.
Let’s take a look at three of the many concerns related to CCPA:
- Data Breaches: Protecting a consumer’s private and sensitive information should be a top priority, as data breaches have become more common and have resulted in damaging headlines and expensive settlements. Given the nature of our industry and the amount of personal information exchanged, insurers are a prime target for cyber attacks, and we will certainly see them fall victim to data breaches.
- Identify Theft: Insurers need to be certain that they are not responding to these consumer requests without reasonable verification that the consumer making the request is the actual consumer in question and not a bad actor trying to steal consumer information.
- Compliance: Carriers should consider hiring a compliance vendor or outside counsel well-informed on CCPA to make these situations more navigable. These partners act as a referee, offering valuable third-party input to verify that a safe and compliant process is in place. This partnership can provide a paper trail (if needed) to document that the required data usage and privacy notices were communicated to consumers. If trouble arises, it can be advantageous to have an independent third party defending you.
See also: CCPA: First of Many Painful Privacy Laws
Working With Technology Partners
Since CCPA’s initial rollout on Jan. 1, insurance carriers that conduct business with Californians have been trying to reach full compliance before enforcement actions are scheduled to begin on July 1. For most, working with a technology partner, especially a data-as-a-service (DaaS) company, can be monumental in navigating the ins and outs of the new compliance standards. Here at Jornaya, we recently extended our compliance product suite to assist companies in meeting the requirements of the CCPA, as well as potential future state and federal regulations.
As CCPA goes into effect, plenty of other states are looking to it as a blueprint for creating their own data privacy laws. Nevada, New York, Texas and Washington are just a few states where legislators are starting to follow California’s lead by introducing privacy bills.
Creating Better Customer Experience
These laws are trying to provide transparency about what data is being collected on a consumer and how it is being collected and allowing the consumer to be in the driver's seat as to how that data is going to be used.
Privacy regulations, like the CCPA, are simply about doing the right thing for the consumer. And the consequences of not paying attention and not doing the right thing by consumers with regard to their privacy can be devastating, not only in terms of potential legal action but also in the loss of consumer trust and associated sales.
Disclaimer: Any and all content provided (material, information, graphics, etc.), and any other versions and variations of the content (e.g. in .pdf via email or otherwise) is provided only for general information. It is not intended to serve as, or as a substitute for, legal or compliance recommendations; to advise or infer to be used in any particular way by you or your company, and not intended to be used as a basis for making business/commercial decisions.