US NAIC 670 – Insurance Information and Privacy Protection Model Act

The National Association of Insurance Commissioners (NAIC) in the United States has developed several model rules and regulations that govern the insurance industry. This includes the NAIC Model Regulation 670, a model law - “US NAIC 670 – Insurance Information and Privacy Protection Model Act.” US NAIC 670 is included in the set of four primary model NAIC laws: the model Insurance Information and Privacy Protection Act (#670), the Insurance Data Security model law (#668), the model Privacy of Consumer Financial and Health Information Regulation (#672), or the model Standards for Safeguarding Customer Information Regulation (#673). These standards govern the collection, use, and disclosure of information in relation to insurance transactions by insurance institutions, agents, or insurance support organizations.

Many US states, including Arizona, California, Connecticut, Georgia, Illinois, Maine, Massachusetts, Nevada, New Jersey, North Carolina, Ohio, Oregon, and Virginia, have adopted the model Insurance Information and Privacy Protection Act (#670). The states of Kansas and Minnesota have adopted/incorporated some of the portions, while the state of Montana has adopted 670 as well as regulatory provisions implementing the Act.

The US NAIC 670 outlines guidelines for how insurance institutions, agents, and insurance support organizations must collect, utilize, and disclose data related to insurance transactions to strike a balance between those conducting the insurance business' need for information and the public's requirement for fairness in those activities' use of insurance information, including a need to minimize intrusion; to provide a legal framework that will allow individuals to know what information is being or has been obtained about them in connection with insurance transactions and to have access to that information to confirm or challenge its accuracy; and to restrict how information obtained for insurance transactions is shared, and to make it possible for insurance applicants and policyholders to understand the motives behind any unfavorable underwriting decisions.

The obligations of this Act shall apply to those insurance institutions, agents, or insurance support organizations which, on or after the effective date of this Act:

In the case of life, health, and disability insurance: (a) Collect, receive, or maintain information in connection with insurance transactions that pertain to natural persons who are residents of this state or (b) Engage in insurance transactions with applicants, individuals, or policyholders who are residents of this state, and

In the case of property or casualty insurance: (a) Collect, receive, or maintain information in connection with insurance transactions involving policies, contracts, or certificates of insurance delivered, issued for delivery, or renewed in this state, or (b) Engage in insurance transactions involving policies, contracts or certificates of insurance delivered, issued for delivery or renewed in this state.