California regulators should pause Privacy Act rules

At the beginning of this year, the long-awaited California Consumer Privacy Act (CCPA) took effect. As an ambitious attempt to give consumers more control over how businesses collect, store, and use their personal information, it is clear the CCPA will have effects that reach far beyond the technology sector.

While the attorney general has yet to release final regulations governing the implementation of the law, the claims adjusting community — led by the Association of Claims Professionals (ACP) — has worked closely with the attorney general’s office over the last several months to seek to eliminate confusing and redundant requirements that would create difficulty for consumers and insurers alike.

Information collected as part of administering and managing employee benefits, workplace injury, property and casualty damage, and liability claims should be exempt from the CCPA’s provisions.

The ACP also has conferred with a broad cross-section of industry stakeholders who do business in California to request that the attorney general temporarily defer enforcement of the CCPA so as to allow businesses to address the newfound challenges posed by the COVID-19 pandemic and make responsible decisions that prioritize the needs and health of their workforce.

As professionals who handle millions of property, casualty, workers’ compensation, disability, and other liability claims each year, independent claims adjusters work on behalf of insured and insurance carriers to process claims.

When a business or individual suffers a loss such as a workplace injury, property or casualty damage, or liability, claims adjusters are the first to help claimants begin their recovery. Naturally, this claims work requires adjusters to collect important information about claimants in order to accurately and efficiently process insurance claims. At each step of the process, every effort is made to ensure that this information is kept secure, confidential, and in accordance with currently existing local, state, and federal privacy laws.

When it was originally drafted, California’s legislators believed the CCPA was necessary to close gaps in the state’s existing consumer privacy laws. However, if not implemented carefully, the Act and its implementing regulations concerning the collection and processing of consumer data could have the opposite effect —and create conflicting standards for claims adjusters, insurers, and the consumers they serve.

To avoid this, we recommend the attorney general further revise the regulations to make clear that information collected as part of administering and managing employee benefits, workplace injury, property and casualty damage, and liability claims be exempt from the CCPA’s provisions.

These revisions are necessary to reflect that claims adjusters already are subject to existing state laws such as the California Insurance Information and Privacy Protection Act (IIPPA), as well as the state Insurance, Health, and Labor Codes. In many cases, the protections afforded to consumers under these laws exceed those outlined by the CCPA — such as the requirement that insurance agents provide consumers with a “notice of information practices” upon delivery of a policy or collection of personal information.

Other protections, such as the right of insured individuals to access, amend, correct, and delete their personal information, as well as strict criminal penalties for insurers that engage in the unauthorized disclosure of confidential information, already can be found within existing laws.

Furthermore, the current national health crisis has led to unprecedented challenges for businesses around the world. The consequences of the global pandemic undoubtedly have upended the business community’s efforts to bring their compliance systems in line with the yet-to-be finalized regulations.

In order to allow businesses sufficient time to ensure consumers have consistent access to the rights afforded under the new law, enforcement of the CCPA should be delayed until at least January 2021. The ACP fully supports California’s efforts to enhance privacy protections for consumers, but we recognize the rapidly evolving nature of the CCPA’s proposed regulations will become even more complicated in light of the recent crisis.

There’s no need to make a trade-off between the protection of consumer privacy and the efficient processing of insurance claims. Nor should the business community have to rush to meet arbitrary deadlines amid a global pandemic. Both regulators and the regulated owe it to consumers to get it right when it comes to enforcing California’s landmark privacy law.

We therefore urge the Attorney General to consider and adopt our recommendations as it moves forward with its final draft of regulations.
—
Editor’s Note: Tim McIntyre is senior vice president and general counsel of TRISTAR Insurance Group.