Under Iowa’s proposed regulation on consumer privacy, an insurer could be penalized for a single instance of failing to comply with its requirements, according to the National Association of Independent Insurers (NAII).
NAII Counsel Ann Weber, in a letter to the state Insurance Department, took exception to the provision under which a single contravention of the regulation could result in enforcement action and penalties, including forfeiture or revocation of an insurer’s license.
“Since there is no objective criteria in the proposed rules specifying what constitutes a comprehensive written information security program, and since the ‘required’ safeguards are also not specified,” Weber said, “it may be impossible for an insurer to determine what level of effort is required for compliance.
“While NAII agrees that a company should be allowed the flexibility to develop its comprehensive written information security program, as the proposed rule outlines, we object to the fact that a single infraction could result in penalties. A single contravention of the proposed regulation should not be actionable; there should be a finding of a consistent or intentional contravention of the rules for safeguarding customer information before action is taken against an insurer.”
Topics Legislation
Was this article valuable?
Here are more articles you may enjoy.
Viewpoint: Japan’s $550B Bet on America—What it Means for the US Insurance Market 
Verisk: Insurance Claims Volume Fell to 5-Year Low in 2025 
Mustard Maker Caught Pumping Pollutants Into River for Years and Lying About It 
Florida Mobile Home Insurance Market Still Struggling With Premiums, Coverage 
